From: Eric Covener
Date: Fri, 23 Aug 2019 13:06:57 +0000 (+0000)
Subject: PR63688 balancer csrf problems
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=0951669df6cd687511c10b1c889ba746407f4229;p=apache
PR63688 balancer csrf problems
fix case-sensitive referer check
Submitted By: Armin Abfalterer
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1865749 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/CHANGES b/CHANGES
index 52ced0b2df..cba4b195ab 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
 -*- coding: utf-8 -*-
 Changes with Apache 2.5.1
+ *) mod_proxy_balancer: Fix case-sensitive referer check related to CSRF/XSS
+ protection. PR63688. [Armin Abfalterer ]
+
 *) mod_authn_socache: Increase the maximum length of strings that can be cached by the module from 100 to 256. PR 62149 []
diff --git a/modules/proxy/mod_proxy_balancer.c b/modules/proxy/mod_proxy_balancer.c
index 0ff3feb244..ca2462285b 100644
--- a/modules/proxy/mod_proxy_balancer.c
+++ b/modules/proxy/mod_proxy_balancer.c
@@ -1852,7 +1852,7 @@ static int safe_referer(request_rec *r, const char *ref)
 if (apr_uri_parse(r->pool, ref, &uri) || !uri.hostname)
 return 0;
- return strcmp(uri.hostname, ap_get_server_name(r)) == 0;
+ return strcasecmp(uri.hostname, ap_get_server_name(r)) == 0;
 }
 /* Manages the loadfactors and member status
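Review bot: The new return line in safe_referer uses `strcasecmp`, whose case folding follows the process locale; a comparison that backs the CSRF/XSS referer check should give the same answer in every locale, and httpd already ships the locale-independent `ap_cstr_casecmp`. I would write `return ap_cstr_casecmp(uri.hostname, ap_get_server_name(r)) == 0;`. The visible lines also compare the host name only, so a Referer with a different scheme or port on the same host appears to pass. The function begins above the hunk, so whether that is handled earlier cannot be seen here. If host-only matching is intended, a short comment such as `/* host-only match: scheme and port of the Referer are not compared */` above the return would record it.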