Use APR_STATUS_IS_TIMEUP instead of direct compare to APR_TIMEUP to

be more safe on different platforms.

Note: This commit has an additional, platform-independent change to
mark the back-end connection for closing ("backend->close = 1;").
That code is not required to resolve CVE-2010-2068 on any platform.

PR: 49417
Addresses CVE-2010-2068


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@953418 13f79535-47bb-0310-9956-ffa450edef68

modules/proxy/mod_proxy_http.c

@@ -1403,7 +1403,7 @@ apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r,
             ap_log_rerror(APLOG_MARK, APLOG_ERR, rc, r,
                           "proxy: error reading status line from remote "
                           "server %s:%d", backend->hostname, backend->port);
-            if (rc == APR_TIMEUP) {
+            if (APR_STATUS_IS_TIMEUP(rc)) {
                 ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
                               "proxy: read timeout");
             }
@@ -1419,7 +1419,7 @@ apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r,
              * we normally would handle timeouts
              */
             if (r->proxyreq == PROXYREQ_REVERSE && c->keepalives &&
-                rc != APR_TIMEUP) {
+                !APR_STATUS_IS_TIMEUP(rc)) {
                 apr_bucket *eos;
 
                 ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
@@ -1451,6 +1451,8 @@ apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r,
                     APR_BUCKET_INSERT_BEFORE(eos, e);
                 }
                 ap_pass_brigade(r->output_filters, bb);
+                /* Mark the backend connection for closing */
+                backend->close = 1;
                 /* Need to return OK to avoid sending an error message */
                 return OK;
             }