]> granicus.if.org Git - apache/commit
projects / apache / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f85baf6) | patch
SECURITY (CVE-2011-3368): Prevent unintended pattern expansion in some
authorJoe Orton <jorton@apache.org>
Wed, 5 Oct 2011 14:24:44 +0000 (14:24 +0000)
committerJoe Orton <jorton@apache.org>
Wed, 5 Oct 2011 14:24:44 +0000 (14:24 +0000)
commit3371c662632f499a390317ec46f35abd7bb1f066
treef1aae69a2731d4264493a53b2f2acda3c9d3313atree | snapshot
parentf85baf61046f0f997482a2073f10388c47282073commit | diff
SECURITY (CVE-2011-3368): Prevent unintended pattern expansion in some
reverse proxy configurations by strictly validating the request-URI:

* server/protocol.c (read_request_line): Send a 400 response if the
  request-URI does not match the grammar from RFC 2616.  This ensures
  the input string for RewriteRule et al really is an absolute path.

Reviewed by: rpluem, wrowe, covener, fielding

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1179239 13f79535-47bb-0310-9956-ffa450edef68
server/protocol.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.