From: Graham Leggett Date: Sun, 26 May 2013 19:43:23 +0000 (+0000) Subject: mod_dav: Make sure that when we prepare an If URL for Etag comparison, X-Git-Tag: 2.4.5~223 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d3300f0b8defa02809f3d6501e33fcbdcbab5e96;p=apache mod_dav: Make sure that when we prepare an If URL for Etag comparison, we compare unencoded paths. PR 53910 trunk patch: http://svn.apache.org/r1470940 http://svn.apache.org/r1477530 Submitted by: Timothy Wood Reviewed by: minfrin, jim, jorton git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1486454 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 9ad48154b6..bda41f308e 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,9 @@ Changes with Apache 2.4.5 + *) mod_dav: Make sure that when we prepare an If URL for Etag comparison, + we compare unencoded paths. PR 53910 [Timothy Wood ] + *) 'AuthGroupFile' and 'AuthUserFile' do not accept anymore the optional 'standard' keyword . It was unused and not documented. PR54463 [Tianyin Xu and Christophe Jaillet] diff --git a/modules/dav/main/util.c b/modules/dav/main/util.c index aa08584102..ca82f9c54f 100644 --- a/modules/dav/main/util.c +++ b/modules/dav/main/util.c @@ -635,9 +635,18 @@ static dav_error * dav_process_if_header(request_rec *r, dav_if_header **p_ih) /* clean up the URI a bit */ ap_getparents(parsed_uri.path); + + /* the resources we will compare to have unencoded paths */ + if (ap_unescape_url(parsed_uri.path) != OK) { + return dav_new_error(r->pool, HTTP_BAD_REQUEST, + DAV_ERR_IF_TAGGED, rv, + "Invalid percent encoded URI in tagged If-header."); + } + uri_len = strlen(parsed_uri.path); - if (uri_len > 1 && parsed_uri.path[uri_len - 1] == '/') + if (uri_len > 1 && parsed_uri.path[uri_len - 1] == '/') { parsed_uri.path[--uri_len] = '\0'; + } uri = parsed_uri.path; list_type = tagged;
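Review bot: In the modules/dav/main/util.c hunk, the new error branch passes rv to dav_new_error(), but the result of ap_unescape_url(parsed_uri.path) is only compared against OK and never stored in rv, so the error carries whatever value rv held earlier in dav_process_if_header(). Assign the result first, for example `rv = ap_unescape_url(parsed_uri.path);` followed by `if (rv != OK) {`, or pass a fixed value in that argument. A second point in the same hunk: the unescape runs after ap_getparents(parsed_uri.path), so percent-encoded dot segments are decoded only after the parent-directory cleanup and are left in the path that is then compared. Consider running the cleanup after the unescape, or add a comment explaining why this order is acceptable for a path that is used only for comparison.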