From: Jeff Trawick Date: Thu, 19 Jan 2012 22:41:55 +0000 (+0000) Subject: Merge r1233604 from trunk: X-Git-Tag: 2.4.1~112 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c929b7ab78536f3bdb7328f1cb62d2160e50c482;p=apache Merge r1233604 from trunk: Adjust CVE-2011-3368/CVE-2011-4317 fixes to rely solely on core's translate-name to fail unsupported URIs. Rewrite and proxy now decline what they don't support rather than fail the request. Suggested by: trawick Implemented by: jorton Tweaked by: wrowe git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1233619 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c index 17f52cba24..c2cbd70553 100644 --- a/modules/mappers/mod_rewrite.c +++ b/modules/mappers/mod_rewrite.c @@ -4419,18 +4419,11 @@ static int hook_uri2file(request_rec *r) return DECLINED; } - if (strcmp(r->unparsed_uri, "*") == 0) { - /* Don't apply rewrite rules to "*". */ + if ((r->unparsed_uri[0] == '*' && r->unparsed_uri[1] == '\0') + || !r->uri || r->uri[0] != '/') { return DECLINED; } - /* Check that the URI is valid. */ - if (!r->uri || r->uri[0] != '/') { - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00668) - "Invalid URI in request %s", r->the_request); - return HTTP_BAD_REQUEST; - } - /* * add the SCRIPT_URL variable to the env. this is a bit complicated * due to the fact that apache uses subrequests and internal redirects diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c index 751c88594b..3764650a9c 100644 --- a/modules/proxy/mod_proxy.c +++ b/modules/proxy/mod_proxy.c @@ -656,18 +656,11 @@ static int proxy_trans(request_rec *r) return OK; } - if (strcmp(r->unparsed_uri, "*") == 0) { - /* "*" cannot be proxied. */ + if ((r->unparsed_uri[0] == '*' && r->unparsed_uri[1] == '\0') + || !r->uri || r->uri[0] != '/') { return DECLINED; } - /* Check that the URI is valid. */ - if (!r->uri || r->uri[0] != '/') { - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01137) - "Invalid URI in request %s", r->the_request); - return HTTP_BAD_REQUEST; - } - /* XXX: since r->uri has been manipulated already we're not really * compliant with RFC1945 at this point. But this probably isn't * an issue because this is a hybrid proxy/origin server. diff --git a/server/protocol.c b/server/protocol.c index 5a9135c8b2..11a82e1acb 100644 --- a/server/protocol.c +++ b/server/protocol.c @@ -655,26 +655,6 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb) ap_parse_uri(r, uri); - /* RFC 2616: - * Request-URI = "*" | absoluteURI | abs_path | authority - * - * authority is a special case for CONNECT. If the request is not - * using CONNECT, and the parsed URI does not have scheme, and - * it does not begin with '/', and it is not '*', then, fail - * and give a 400 response. */ - if (r->method_number != M_CONNECT - && !r->parsed_uri.scheme - && uri[0] != '/' - && !(uri[0] == '*' && uri[1] == '\0')) { - ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(00559) - "invalid request-URI %s", uri); - r->args = NULL; - r->hostname = NULL; - r->status = HTTP_BAD_REQUEST; - r->uri = apr_pstrdup(r->pool, uri); - return 0; - } - if (ll[0]) { r->assbackwards = 0; pro = ll;