httpd-36987

Version:  

httpd 2.0.54

Failure report link:

https://issues.apache.org/bugzilla/show_bug.cgi?id=36987

How it is diagnosed (reproduced or source analysis)?

We did not reproduce the failure so we relied on source (patch) analysis.

Symptom:

Wrong results. Not all sites in a ProxyBlock list are blocked as intended.

Root cause:

In two nested while loops, the second loop's condition variable was not reset before the loop, so only the first IP in the list was blocked..

968:   while (conf_addr) {
969:        while (uri_addr) {
970:          char *conf_ip;
971:          char *uri_ip;
972:          apr_sockaddr_ip_get(&conf_ip, conf_addr);
973:          apr_sockaddr_ip_get(&uri_ip, uri_addr);
974:          ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
975:                "proxy: ProxyBlock comparing %s and %s", conf_ip,uri_ip);
976:          if (!apr_strnatcasecmp(conf_ip, uri_ip)) {
977:             ap_log_error(APLOG_MARK, APLOG_WARNING, 0, r->server,
978:              "proxy: connect remote machine %s blocked: IP %s matched", uri_addr->hostname, conf_ip);
979:                return HTTP_FORBIDDEN;
980:            }
981:            uri_addr = uri_addr->next;
982:        }
983:        conf_addr = conf_addr->next;
984:    }

The uri_addr didn’t get reset!
after the loop is exited for the first time so it is not entered again on the
next runs of the outer loop.

Fix:
         while (conf_addr) {
+           uri_addr = src_uri_addr;
           while (uri_addr) {
                char *conf_ip;
                char *uri_ip;

Is there Error Message?

No

Can Errlog anticipate the error?

No...

Is there debug (non-default verbosity) message?

Yes.

-----------BEGIN ORIGINAL ERROR.LOG------------
[Mon Oct 10 13:46:14 2005] [debug] proxy_util.c(975): proxy: checking remote machine [216.113.188.64] against [x.com]
[Mon Oct 10 13:46:14 2005] [debug] proxy_util.c(991): proxy: ProxyBlock
comparing 64.4.241.33 and 216.113.188.64
-----------END ORIGINAL ERROR.LOG--------------

These debug msgs are very helpful! By looking at he debug msg and expected ip lists to be compared together, developers can guess the root cause.