From d102daa5639e62ad0c2ec7adc24ca55a788ed6cd Mon Sep 17 00:00:00 2001
From: Joe Orton
Date: Thu, 8 Jan 2004 13:08:57 +0000
Subject: [PATCH] * modules/dav/main/mod_dav.c (dav_handler): Reject request if the Request-URI includes a fragment part, i.e. an unescaped #.
PR: 21779
Submitted by: Amit Athavale
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102224 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES | 3 +++
 modules/dav/main/mod_dav.c | 10 ++++++++++
 2 files changed, 13 insertions(+)
diff --git a/CHANGES b/CHANGES
index 18794ebec8..d7b0ac4d99 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,9 @@ Changes with Apache 2.1.0-dev

 [Remove entries to the current 2.0 section below, when backported]

+ *) mod_dav: Disallow requests with an unescaped hash character in
+ the Request-URI. PR 21779. Amit Athavale
+
 *) Add forensic logging module (mod_log_forensic).
 [Ben Laurie]

diff --git a/modules/dav/main/mod_dav.c b/modules/dav/main/mod_dav.c
index a55844a2e6..11dad343d8 100644
--- a/modules/dav/main/mod_dav.c
+++ b/modules/dav/main/mod_dav.c
@@ -4563,6 +4563,16 @@ static int dav_handler(request_rec *r)
 if (strcmp(r->handler, DAV_HANDLER_NAME) != 0)
 return DECLINED;

+ /* Reject requests with an unescaped hash character, as these may
+ * be more destructive than the user intended. */
+ if (r->parsed_uri.fragment != NULL) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "buggy client used un-escaped hash in Request-URI");
+ return dav_error_response(r, HTTP_BAD_REQUEST,
+ "The request was invalid: the URI included "
+ "an un-escaped hash character");
+ }
+
 /* ### do we need to do anything with r->proxyreq ?? */

 /*
--
2.50.1
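Review bot: The comment above the new `r->parsed_uri.fragment` check in dav_handler says such requests "may be more destructive than the user intended" but never says why, so a later maintainer cannot tell what the guard protects and may relax it. Presumably the Request-URI is split at the unescaped `#`, so a method such as DELETE would act on the shorter path (possibly a parent collection) instead of the resource the client named; I would state that, e.g. `/* The Request-URI is split at an unescaped '#', so the method would apply to the truncated path (e.g. a parent collection); refuse instead of guessing. */`. Because any client can reach this branch, it is also worth confirming that `APLOG_ERR` is the intended level for the `ap_log_rerror` call, and naming the rejected Request-URI in the message would make these rejections easier to correlate during triage. dav_handler's body starts and ends outside the hunk, so whether later code relies on the fragment being absent cannot be checked from here.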