Abstract out "verification of valid encoding" via

ap_proxy_isvalidenc(). Now we can use it in other
proxy protocols.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@583466 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/include/ap_mmn.h b/include/ap_mmn.h
index 79ffc7a7e3f0cb73ea32e842186b07a83f0937b1..e4797e0cdf9a1d606368f7ab1b5f633a57cda023 100644 (file)
--- a/include/ap_mmn.h
+++ b/include/ap_mmn.h
@@ -133,6 +133,7 @@
  * 20070823.0 (2.3.0-dev)  Removed ap_all_available_mutexes_string,
  *                         ap_available_mutexes_string for macros
  * 20070823.1 (2.3.0-dev)  add ap_send_interim_response()
+ * 20070823.2 (2.3.0-dev)  add ap_proxy_isvalidenc()
  *
  */
 

diff --git a/modules/proxy/mod_proxy.h b/modules/proxy/mod_proxy.h
index de73723a1b31c80850bf4a1946deb63d678b981a..f3ae1f1b5ae6188965a2a1b2d922ed26a05ac8b8 100644 (file)
--- a/modules/proxy/mod_proxy.h
+++ b/modules/proxy/mod_proxy.h
@@ -460,6 +460,7 @@ APR_DECLARE_EXTERNAL_HOOK(proxy, PROXY, int, request_status,
 PROXY_DECLARE(request_rec *)ap_proxy_make_fake_req(conn_rec *c, request_rec *r);
 PROXY_DECLARE(int) ap_proxy_hex2c(const char *x);
 PROXY_DECLARE(void) ap_proxy_c2hex(int ch, char *x);
+PROXY_DECLARE(apr_status_t)ap_proxy_isvalidenc(const char *url, const char *allowed);
 PROXY_DECLARE(char *)ap_proxy_canonenc(apr_pool_t *p, const char *x, int len, enum enctype t,
                                        int forcedec, int proxyreq);
 PROXY_DECLARE(char *)ap_proxy_canon_netloc(apr_pool_t *p, char **const urlp, char **userp,

diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c
index 3f34059994c2aa603153294c71c8a81f8bbf5a4e..e38bbf0f3d4f68b38ed764279e2c561217c0ba03 100644 (file)
--- a/modules/proxy/mod_proxy_http.c
+++ b/modules/proxy/mod_proxy_http.c
@@ -37,9 +37,6 @@ static int proxy_http_canon(request_rec *r, char *url)
     const char *err;
     const char *scheme;
     apr_port_t port, def_port;
-    const char *p;
-    const char *allowed = "~$-_.+!*'(),;:@&=/"; /* allowed+reserved from
-                                                   ap_proxy_canonenc */
 
     /* ap_port_of_scheme() */
     if (strncasecmp(url, "http:", 5) == 0) {
@@ -94,15 +91,8 @@ static int proxy_http_canon(request_rec *r, char *url)
         path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0, r->proxyreq);
         break;
     case PROXYREQ_PROXY:
-        for (p = url; *p; ++p) {
-            if (!apr_isalnum(*p) && !strchr(allowed, *p)) {
-                if (*p == '%' && apr_isxdigit(p[1]) && apr_isxdigit(p[2])) {
-                    p += 2; /* an encoded char */
-                }
-                else {
-                    return HTTP_BAD_REQUEST; /* reject bad char in URL */
-                }
-            }
+        if (ap_proxy_isvalidenc(url, NULL) != APR_SUCCESS) {
+            return HTTP_BAD_REQUEST;
         }
         path = url;
         break;

diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c
index 0b1d1f300cabe9afa4c463c8aa4b3d8e0470fd8f..1ce1b3886651fbf4b9ad7f4e96643f67c3123f4a 100644 (file)
--- a/modules/proxy/proxy_util.c
+++ b/modules/proxy/proxy_util.c
@@ -134,6 +134,33 @@ PROXY_DECLARE(void) ap_proxy_c2hex(int ch, char *x)
 #endif /*APR_CHARSET_EBCDIC*/
 }
 
+/*
+ * Confirm that a URL-encoded string only contains
+ * valid encoding, valid chars are passed in allowed.
+ * If allowed is NULL, we use useful default.
+ */
+PROXY_DECLARE(apr_status_t)ap_proxy_isvalidenc(const char *url,
+                                               const char *allowed)
+
+{
+    if (!allowed) {
+        allowed = "~$-_.+!*'(),;:@&=/"; /* allowed+reserved from
+                                           ap_proxy_canonenc */
+    }
+
+    for ( ; *url; ++url) {
+        if (!apr_isalnum(*url) && !ap_strchr_c(allowed, *url)) {
+            if (*url == '%' && apr_isxdigit(url[1]) && apr_isxdigit(url[2])) {
+                url += 2; /* an encoded char */
+            }
+            else {
+                return APR_EGENERAL; /* reject bad char in URL */
+            }
+        }
+    }
+    return APR_SUCCESS;
+}
+
 /*
  * canonicalise a URL-encoded string
  */