RewriteRule, where particular request-URIs could result in undesired
backend network exposure in some configurations. (CVE-2011-4317)
Thanks to Prutha Parikh from Qualys for reporting this issue.
* modules/proxy/mod_proxy.c (proxy_trans): Decline to handle the "*"
request-URI. Fail for cases where r->uri does not begin with a "/".
* modules/mappers/mod_rewrite.c (hook_uri2file): Likewise.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@
1209432 13f79535-47bb-0310-9956-
ffa450edef68
return DECLINED;
}
+ if (strcmp(r->unparsed_uri, "*") == 0) {
+ /* Don't apply rewrite rules to "*". */
+ return DECLINED;
+ }
+
+ /* Check that the URI is valid. */
+ if (!r->uri || r->uri[0] != '/') {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Invalid URI in request %s", r->the_request);
+ return HTTP_BAD_REQUEST;
+ }
+
/*
* add the SCRIPT_URL variable to the env. this is a bit complicated
* due to the fact that apache uses subrequests and internal redirects
return OK;
}
+ if (strcmp(r->unparsed_uri, "*") == 0) {
+ /* "*" cannot be proxied. */
+ return DECLINED;
+ }
+
+ /* Check that the URI is valid. */
+ if (!r->uri || r->uri[0] != '/') {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Invalid URI in request %s", r->the_request);
+ return HTTP_BAD_REQUEST;
+ }
+
/* XXX: since r->uri has been manipulated already we're not really
* compliant with RFC1945 at this point. But this probably isn't
* an issue because this is a hybrid proxy/origin server.
projects / apache / commitdiff