From 2349488a4457d13deb26042b4478feaaef0a02c7 Mon Sep 17 00:00:00 2001 From: Jim Jagielski Date: Wed, 10 Oct 2007 13:16:56 +0000 Subject: [PATCH] Abstract out "verification of valid encoding" via ap_proxy_isvalidenc(). Now we can use it in other proxy protocols. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@583466 13f79535-47bb-0310-9956-ffa450edef68 --- include/ap_mmn.h | 1 + modules/proxy/mod_proxy.h | 1 + modules/proxy/mod_proxy_http.c | 14 ++------------ modules/proxy/proxy_util.c | 27 +++++++++++++++++++++++++++ 4 files changed, 31 insertions(+), 12 deletions(-) diff --git a/include/ap_mmn.h b/include/ap_mmn.h index 79ffc7a7e3..e4797e0cdf 100644 --- a/include/ap_mmn.h +++ b/include/ap_mmn.h @@ -133,6 +133,7 @@ * 20070823.0 (2.3.0-dev) Removed ap_all_available_mutexes_string, * ap_available_mutexes_string for macros * 20070823.1 (2.3.0-dev) add ap_send_interim_response() + * 20070823.2 (2.3.0-dev) add ap_proxy_isvalidenc() * */ diff --git a/modules/proxy/mod_proxy.h b/modules/proxy/mod_proxy.h index de73723a1b..f3ae1f1b5a 100644 --- a/modules/proxy/mod_proxy.h +++ b/modules/proxy/mod_proxy.h @@ -460,6 +460,7 @@ APR_DECLARE_EXTERNAL_HOOK(proxy, PROXY, int, request_status, PROXY_DECLARE(request_rec *)ap_proxy_make_fake_req(conn_rec *c, request_rec *r); PROXY_DECLARE(int) ap_proxy_hex2c(const char *x); PROXY_DECLARE(void) ap_proxy_c2hex(int ch, char *x); +PROXY_DECLARE(apr_status_t)ap_proxy_isvalidenc(const char *url, const char *allowed); PROXY_DECLARE(char *)ap_proxy_canonenc(apr_pool_t *p, const char *x, int len, enum enctype t, int forcedec, int proxyreq); PROXY_DECLARE(char *)ap_proxy_canon_netloc(apr_pool_t *p, char **const urlp, char **userp, diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c index 3f34059994..e38bbf0f3d 100644 --- a/modules/proxy/mod_proxy_http.c +++ b/modules/proxy/mod_proxy_http.c @@ -37,9 +37,6 @@ static int proxy_http_canon(request_rec *r, char *url) const char *err; const char *scheme; apr_port_t port, def_port; - const char *p; - const char *allowed = "~$-_.+!*'(),;:@&=/"; /* allowed+reserved from - ap_proxy_canonenc */ /* ap_port_of_scheme() */ if (strncasecmp(url, "http:", 5) == 0) { @@ -94,15 +91,8 @@ static int proxy_http_canon(request_rec *r, char *url) path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0, r->proxyreq); break; case PROXYREQ_PROXY: - for (p = url; *p; ++p) { - if (!apr_isalnum(*p) && !strchr(allowed, *p)) { - if (*p == '%' && apr_isxdigit(p[1]) && apr_isxdigit(p[2])) { - p += 2; /* an encoded char */ - } - else { - return HTTP_BAD_REQUEST; /* reject bad char in URL */ - } - } + if (ap_proxy_isvalidenc(url, NULL) != APR_SUCCESS) { + return HTTP_BAD_REQUEST; } path = url; break; diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c index 0b1d1f300c..1ce1b38866 100644 --- a/modules/proxy/proxy_util.c +++ b/modules/proxy/proxy_util.c @@ -134,6 +134,33 @@ PROXY_DECLARE(void) ap_proxy_c2hex(int ch, char *x) #endif /*APR_CHARSET_EBCDIC*/ } +/* + * Confirm that a URL-encoded string only contains + * valid encoding, valid chars are passed in allowed. + * If allowed is NULL, we use useful default. + */ +PROXY_DECLARE(apr_status_t)ap_proxy_isvalidenc(const char *url, + const char *allowed) + +{ + if (!allowed) { + allowed = "~$-_.+!*'(),;:@&=/"; /* allowed+reserved from + ap_proxy_canonenc */ + } + + for ( ; *url; ++url) { + if (!apr_isalnum(*url) && !ap_strchr_c(allowed, *url)) { + if (*url == '%' && apr_isxdigit(url[1]) && apr_isxdigit(url[2])) { + url += 2; /* an encoded char */ + } + else { + return APR_EGENERAL; /* reject bad char in URL */ + } + } + } + return APR_SUCCESS; +} + /* * canonicalise a URL-encoded string */ -- 2.40.0