From: Joe Orton Date: Thu, 8 Jan 2004 13:08:57 +0000 (+0000) Subject: * modules/dav/main/mod_dav.c (dav_handler): Reject request if the X-Git-Tag: pre_ajp_proxy~854 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d102daa5639e62ad0c2ec7adc24ca55a788ed6cd;p=apache * modules/dav/main/mod_dav.c (dav_handler): Reject request if the Request-URI includes a fragment part, i.e. an unescaped #. PR: 21779 Submitted by: Amit Athavale git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102224 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 18794ebec8..d7b0ac4d99 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,9 @@ Changes with Apache 2.1.0-dev [Remove entries to the current 2.0 section below, when backported] + *) mod_dav: Disallow requests with an unescaped hash character in + the Request-URI. PR 21779. Amit Athavale + *) Add forensic logging module (mod_log_forensic). [Ben Laurie] diff --git a/modules/dav/main/mod_dav.c b/modules/dav/main/mod_dav.c index a55844a2e6..11dad343d8 100644 --- a/modules/dav/main/mod_dav.c +++ b/modules/dav/main/mod_dav.c @@ -4563,6 +4563,16 @@ static int dav_handler(request_rec *r) if (strcmp(r->handler, DAV_HANDLER_NAME) != 0) return DECLINED; + /* Reject requests with an unescaped hash character, as these may + * be more destructive than the user intended. */ + if (r->parsed_uri.fragment != NULL) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "buggy client used un-escaped hash in Request-URI"); + return dav_error_response(r, HTTP_BAD_REQUEST, + "The request was invalid: the URI included " + "an un-escaped hash character"); + } + /* ### do we need to do anything with r->proxyreq ?? */ /*
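Review bot: in the CHANGES hunk, the attribution on the new mod_dav entry is written as bare text ("PR 21779. Amit Athavale"), while the neighbouring entry uses the bracketed form ("[Ben Laurie]"). Put the submitter in square brackets so the entry matches the rest of the file. It would also help administrators to state the visible effect, namely that such requests are now answered with 400 Bad Request.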
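Review bot: in the mod_dav.c hunk, the new test in dav_handler looks only at r->parsed_uri.fragment, so it covers the Request-URI but not the Destination header that COPY and MOVE also act on. Nothing in this diff applies the same rejection there. If that header is parsed the same way (an assumption, since the parsing is not visible here), an un-escaped '#' in Destination would be cut off just as silently, so either extend the check or say in the comment where Destination is handled. The comment "may be more destructive than the user intended" would also be clearer if it named the mechanism: everything after the '#' is split off as the fragment, so the method operates on the shorter path. Finally, the condition is triggered entirely by the client, so consider whether APLOG_ERR is the right level for it or whether a lower level would keep a misbehaving client from filling the error log.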