PR 56603: Inappropiate ProxyPassReverse match when interpolated URL

author Eric Covener <covener@apache.org>

Mon, 29 Dec 2014 21:05:56 +0000 (21:05 +0000)

committer Eric Covener <covener@apache.org>

Mon, 29 Dec 2014 21:05:56 +0000 (21:05 +0000)
author Eric Covener <covener@apache.org>
Mon, 29 Dec 2014 21:05:56 +0000 (21:05 +0000)
committer Eric Covener <covener@apache.org>
Mon, 29 Dec 2014 21:05:56 +0000 (21:05 +0000)
diff --git a/CHANGES b/CHANGES

index 2049ac8564afb59b42f75b143fdb6fd2d0f6a216..c6b600ccbdc9a7b307b084e62d1f5e512c84c8c4 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,10 @@
                                                           -*- coding: utf-8 -*-
  Changes with Apache 2.5.0
  
+  *) mod_proxy: Prevent ProxyPassReverse from doing a substitution when
+     the URL parameter interpolates to an empty string. PR 56603.
+     [<ajprout hotmail.com>]
+
    *) core: Configuration files with long lines and continuation characters
       are not read properly. PR 55910. [Manuel Mausz <manuel-as mausz.at>]
  
diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c

index 85d29b174926fc88940948b4d0272f7f7908cdeb..624d1ad3bf7107c0868a6ed16181bc1e7b58d085 100644 (file)
--- a/modules/proxy/proxy_util.c
+++ b/modules/proxy/proxy_util.c
@@ -933,7 +933,7 @@ PROXY_DECLARE(const char *) ap_proxy_location_reverse_map(request_rec *r,
                      part = url;
                  }
              }
-            if (l1 >= l2 && strncasecmp(real, part, l2) == 0) {
+            if (l2 > 0 && l1 >= l2 && strncasecmp(real, part, l2) == 0) {
                  u = apr_pstrcat(r->pool, ent[i].fake, &part[l2], NULL);
                  return ap_is_url(u) ? u : ap_construct_url(r->pool, u, r);
              }
author	Eric Covener <covener@apache.org>
	Mon, 29 Dec 2014 21:05:56 +0000 (21:05 +0000)
committer	Eric Covener <covener@apache.org>
	Mon, 29 Dec 2014 21:05:56 +0000 (21:05 +0000)
CHANGES		patch \| blob \| history
modules/proxy/proxy_util.c		patch \| blob \| history