From: Jim Jagielski Date: Tue, 30 May 2017 12:24:22 +0000 (+0000) Subject: Merge r1776463 from trunk: X-Git-Tag: 2.4.26~53 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=71df22eefd0a03c11b5732c253d772fdd8b342c0;p=apache Merge r1776463 from trunk: PR60009: RewriteRule local prefix checking update *) mod_rewrite: When a substitution is a fully qualified URL, and the scheme/host/port matches the current virtual host, stop interpreting the path component as a local path just because the first component of the path exists in the filesystem. Adds RewriteOption "LegacyPrefixDocRoot" to revert to previous behavior. PR60009. Submitted By: Hank Ibell Submitted by: covener Reviewed by: covener, jim, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1796852 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index cd68295754..7a07d99277 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,13 @@ Changes with Apache 2.4.26 + *) mod_rewrite: When a substitution is a fully qualified URL, and the + scheme/host/port matches the current virtual host, stop interpreting the + path component as a local path just because the first component of the + path exists in the filesystem. Adds RewriteOption "LegacyPrefixDocRoot" + to revert to previous behavior. PR60009. + [Hank Ibell ] + *) core: ap_parse_form_data() URL-decoding doesn't work on EBCDIC platforms. PR61124. [Hank Ibell ] @@ -65,7 +72,7 @@ Changes with Apache 2.4.26 *) mod_autoindex: Add IndexOptions UseOldDateFormat to allow the date format from 2.2 in the Last Modified column. PR60846. [Hank Ibell ] - + *) core: Add %{REMOTE_PORT} to the expression parser. PR59938 [Hank Ibell ] diff --git a/STATUS b/STATUS index daad558602..a52af1f092 100644 --- a/STATUS +++ b/STATUS 
@@ -120,15 +120,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - *) mod_rewrite: When a substitution is a fully qualified URL, and the - scheme/host/port matches the current virtual host, stop interpreting the - path component as a local path just because the first component of the - path exists in the filesystem. Adds RewriteOption "LegacyPrefixDocRoot" - to revert to previous behavior. PR60009. - trunk patch: http://svn.apache.org/r1776463 - 2.4.x patch: svn merge -c 1776463 1776708 ^/httpd/httpd/trunk . - +1: covener, jim, ylavic - *) mod_env: When processing a 'SetEnv' directive, warn if the environment variable name includes a '='. It is likely a configuration error. PR 60249. diff --git a/docs/manual/mod/mod_rewrite.xml b/docs/manual/mod/mod_rewrite.xml index e03e1fc091..ca523f3c9e 100644 --- a/docs/manual/mod/mod_rewrite.xml +++ b/docs/manual/mod/mod_rewrite.xml @@ -272,6 +272,25 @@ LogLevel alert rewrite:trace3 supply this extended context info. Available in 2.4.16 and later.

+ +
LegacyPrefixDocRoot
+
+ +

Prior to 2.4.25, if a substitution was an absolute URL that matched + the current virtual host, the URL might first be reduced to a URL-path + and then later reduced to a local path. Since the URL can be reduced + to a local path, the path should be prefixed with the document root. + This prevents a file such as /tmp/myfile from being accessed when a + request is made to http://host/file/myfile with the following + RewriteRule.

+ + RewriteRule /file/(.*) http://localhost/tmp/$1 + +

This option allows the old behavior to be used where the document + root is not prefixed to a local path that was reduced from a + URL. Available in 2.4.25 and later.

+
+
diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c
index d54ad8f4a8..3d1fe3c451 100644
--- a/modules/mappers/mod_rewrite.c
+++ b/modules/mappers/mod_rewrite.c
@@ -198,6 +198,7 @@ static const char* really_last_key = "rewrite_really_last";
 #define OPTION_INHERIT_DOWN_BEFORE (1<<7)
 #define OPTION_IGNORE_INHERIT (1<<8)
 #define OPTION_IGNORE_CONTEXT_INFO (1<<9)
+#define OPTION_LEGACY_PREFIX_DOCROOT (1<<10)
 #ifndef RAND_MAX
 #define RAND_MAX 32767
@@ -864,8 +865,15 @@ static void reduce_uri(request_rec *r)
 /* now check whether we could reduce it to a local path... */
 if (ap_matches_request_vhost(r, host, port)) {
+ rewrite_server_conf *conf =
+ ap_get_module_config(r->server->module_config, &rewrite_module);
 rewritelog((r, 3, NULL, "reduce %s -> %s", r->filename, url));
 r->filename = apr_pstrdup(r->pool, url);
+
+ /* remember that the uri was reduced */
+ if(!(conf->options & OPTION_LEGACY_PREFIX_DOCROOT)) {
+ apr_table_setn(r->notes, "mod_rewrite_uri_reduced", "true");
+ }
 }
 }
@@ -3007,6 +3015,9 @@ static const char *cmd_rewriteoptions(cmd_parms *cmd,
 else if (!strcasecmp(w, "ignorecontextinfo")) {
 options |= OPTION_IGNORE_CONTEXT_INFO;
 }
+ else if (!strcasecmp(w, "legacyprefixdocroot")) {
+ options |= OPTION_LEGACY_PREFIX_DOCROOT;
+ }
 else {
 return apr_pstrcat(cmd->pool, "RewriteOptions: unknown option '", w, "'", NULL);
@@ -4777,6 +4788,7 @@ static int hook_uri2file(request_rec *r)
 }
 else {
 /* it was finally rewritten to a local path */
+ const char *uri_reduced = NULL;
 /* expand "/~user" prefix */
 #if APR_HAS_USER
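Review bot: In reduce_uri, the `mod_rewrite_uri_reduced` note is set in `r->notes` and, in the lines shown, never unset, so a reduction by an early rule may still mark the request when a later rule produces an unrelated local path. hook_uri2file would then prefix the document root to that later path as well. If that is not intended, the note could be cleared before each reduction attempt, e.g. `apr_table_unset(r->notes, "mod_rewrite_uri_reduced");` at the top of reduce_uri. The key is also repeated as a string literal here and in hook_uri2file; the file already keeps `really_last_key` as a `static const char*` for a note key, so `static const char *uri_reduced_key = "mod_rewrite_uri_reduced";` would match that convention. reduce_uri starts and ends outside the hunk.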
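Review bot: In cmd_rewriteoptions, `legacyprefixdocroot` is accepted like every other option, but the test added in reduce_uri reads `OPTION_LEGACY_PREFIX_DOCROOT` from the per-server `rewrite_server_conf`, and hook_uri2file's `conf` is presumably the same. If this function also stores options into a per-directory config, which the hunk does not show, the option would be accepted in a directory or .htaccess context and then silently have no effect. Either reject it there, e.g. `if (cmd->path != NULL) return "RewriteOptions: LegacyPrefixDocRoot is only valid in server context";`, or state the restriction in the directive documentation. The function starts and ends outside the hunk.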
@@ -4812,7 +4824,12 @@ static int hook_uri2file(request_rec *r)
 * because we only do stat() on the first directory
 * and this gets cached by the kernel for along time!
 */
- if (!prefix_stat(r->filename, r->pool)) {
+
+ if(!(conf->options & OPTION_LEGACY_PREFIX_DOCROOT)) {
+ uri_reduced = apr_table_get(r->notes, "mod_rewrite_uri_reduced");
+ }
+
+ if (!prefix_stat(r->filename, r->pool) || uri_reduced != NULL) {
 int res;
 char *tmp = r->uri;
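Review bot: The new condition `!prefix_stat(r->filename, r->pool) || uri_reduced != NULL` carries no comment explaining why a reduced URL bypasses the filesystem probe, and the block comment above it still describes only the stat() shortcut. I would add `/* a path reduced from an absolute URL is always a URL-path: prefix the document root even if its first component exists on disk */` directly above the `if`. The re-test of `OPTION_LEGACY_PREFIX_DOCROOT` before `apr_table_get` looks redundant, because reduce_uri only sets the note when the option is off; reading the note unconditionally would keep the two sites from drifting apart. `if(` here and in reduce_uri should be `if (` to match the unchanged line it replaces. hook_uri2file's body continues outside the hunk.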