Merge r1233604 from trunk:

Adjust CVE-2011-3368/CVE-2011-4317 fixes to rely solely on
core's translate-name to fail unsupported URIs.

Rewrite and proxy now decline what they don't support rather
than fail the request.

Suggested by: trawick
Implemented by: jorton
Tweaked by: wrowe

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1233619 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c
index 17f52cba2473452b40c1bec6ca3bff0a5b7d703c..c2cbd705537c1dc7478d6488fd7a143bd3592b18 100644 (file)
--- a/modules/mappers/mod_rewrite.c
+++ b/modules/mappers/mod_rewrite.c
@@ -4419,18 +4419,11 @@ static int hook_uri2file(request_rec *r)
         return DECLINED;
     }
 
-    if (strcmp(r->unparsed_uri, "*") == 0) {
-        /* Don't apply rewrite rules to "*". */
+    if ((r->unparsed_uri[0] == '*' && r->unparsed_uri[1] == '\0')
+        || !r->uri || r->uri[0] != '/') {
         return DECLINED;
     }
 
-    /* Check that the URI is valid. */
-    if (!r->uri || r->uri[0] != '/') {
-        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00668)
-                     "Invalid URI in request %s", r->the_request);
-        return HTTP_BAD_REQUEST;
-    }
-    
     /*
      *  add the SCRIPT_URL variable to the env. this is a bit complicated
      *  due to the fact that apache uses subrequests and internal redirects

diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c
index 751c88594b2498165b76ab218b433b8d55405416..3764650a9cd1c3ee7caa34d90902267b55caf722 100644 (file)
--- a/modules/proxy/mod_proxy.c
+++ b/modules/proxy/mod_proxy.c
@@ -656,18 +656,11 @@ static int proxy_trans(request_rec *r)
         return OK;
     }
 
-    if (strcmp(r->unparsed_uri, "*") == 0) {
-        /* "*" cannot be proxied. */
+    if ((r->unparsed_uri[0] == '*' && r->unparsed_uri[1] == '\0')
+        || !r->uri || r->uri[0] != '/') {
         return DECLINED;
     }
 
-    /* Check that the URI is valid. */
-    if (!r->uri || r->uri[0] != '/') {
-        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01137)
-                     "Invalid URI in request %s", r->the_request);
-        return HTTP_BAD_REQUEST;
-    }
-
     /* XXX: since r->uri has been manipulated already we're not really
      * compliant with RFC1945 at this point.  But this probably isn't
      * an issue because this is a hybrid proxy/origin server.

diff --git a/server/protocol.c b/server/protocol.c
index 5a9135c8b23f40646e6396563313d1a56293634e..11a82e1acb7251571ad28ce28adb1973bbee5d28 100644 (file)
--- a/server/protocol.c
+++ b/server/protocol.c
@@ -655,26 +655,6 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb)
 
     ap_parse_uri(r, uri);
 
-    /* RFC 2616:
-     *   Request-URI    = "*" | absoluteURI | abs_path | authority
-     *
-     * authority is a special case for CONNECT.  If the request is not
-     * using CONNECT, and the parsed URI does not have scheme, and
-     * it does not begin with '/', and it is not '*', then, fail
-     * and give a 400 response. */
-    if (r->method_number != M_CONNECT 
-        && !r->parsed_uri.scheme 
-        && uri[0] != '/'
-        && !(uri[0] == '*' && uri[1] == '\0')) {
-        ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(00559)
-                      "invalid request-URI %s", uri);
-        r->args = NULL;
-        r->hostname = NULL;
-        r->status = HTTP_BAD_REQUEST;
-        r->uri = apr_pstrdup(r->pool, uri);
-        return 0;
-    }
-
     if (ll[0]) {
         r->assbackwards = 0;
         pro = ll;