Posted to cvs@httpd.apache.org by jo...@apache.org on 2004/01/08 14:08:57 UTC
cvs commit: httpd-2.0/modules/dav/main mod_dav.c
jorton 2004/01/08 05:08:57
Modified: . CHANGES
modules/dav/main mod_dav.c
Log:
* modules/dav/main/mod_dav.c (dav_handler): Reject request if the
Request-URI includes a fragment part, i.e. an unescaped #.
PR: 21779
Submitted by: Amit Athavale <am...@lycos.com>
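To make the rejected case concrete, here is an added example, written for this page and not code from httpd or from this commit. It models, in plain C with no APR dependency, how a request-target is split into path, query and fragment (the parts mod_dav later sees in r->parsed_uri), and the rule the commit introduces: a fragment of any length, even an empty one after a trailing "#", means the request is refused with 400. The function names parse_target and dav_check_fragment, the struct target type, and the sample request-targets in main are assumptions constructed for the example.

```c
/* Added example: not httpd code. Models the parse of a request-target and
 * the "reject if a fragment is present" rule from the commit. The names
 * parse_target / dav_check_fragment / struct target are hypothetical. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HTTP_CONTINUE_OK 0
#define HTTP_BAD_REQUEST 400

struct target {
    char path[256];
    char query[256];
    char fragment[256];
    int has_query;
    int has_fragment;
};

/* Copy n bytes of src into dst as a NUL-terminated string; -1 if too long. */
static int copy_part(char *dst, size_t cap, const char *src, size_t n)
{
    if (n >= cap)
        return -1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* Split a request-target RFC 3986 style: the first '#' starts the fragment,
 * and only a '?' before that '#' starts the query. The fragment is never
 * part of the path a server maps to a resource, which is exactly why an
 * unescaped '#' changes which resource a DAV method would act on. */
static int parse_target(const char *target, struct target *out)
{
    const char *end = target + strlen(target);
    const char *hash = strchr(target, '#');
    const char *path_end = hash ? hash : end;
    const char *qmark = memchr(target, '?', (size_t)(path_end - target));
    const char *name_end = qmark ? qmark : path_end;

    memset(out, 0, sizeof *out);
    if (copy_part(out->path, sizeof out->path, target,
                  (size_t)(name_end - target)) != 0)
        return -1;
    if (qmark) {
        out->has_query = 1;
        if (copy_part(out->query, sizeof out->query, qmark + 1,
                      (size_t)(path_end - qmark - 1)) != 0)
            return -1;
    }
    if (hash) {
        out->has_fragment = 1;
        if (copy_part(out->fragment, sizeof out->fragment, hash + 1,
                      (size_t)(end - hash - 1)) != 0)
            return -1;
    }
    return 0;
}

/* The commit's rule: any fragment at all, including the empty one in
 * "/a#", is rejected with 400, because the path the server would operate
 * on ("/a") is not the resource the client spelled out. A percent-encoded
 * "%23" is an ordinary path byte and passes. */
static int dav_check_fragment(const char *target)
{
    struct target t;
    if (parse_target(target, &t) != 0)
        return HTTP_BAD_REQUEST;       /* oversized component: refuse */
    return t.has_fragment ? HTTP_BAD_REQUEST : HTTP_CONTINUE_OK;
}

int main(void)
{
    /* Constructed sample request-targets, not taken from any real log. */
    const char *cases[] = {
        "/dav/report#final.txt",     /* unescaped '#': path is /dav/report */
        "/dav/report%23final.txt",   /* escaped: literal '#' in the name */
        "/dav/dir/?x=1#",            /* empty fragment still counts */
        "/dav/dir/"
    };
    size_t i;
    for (i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        struct target t;
        parse_target(cases[i], &t);
        printf("%-26s path=%-20s fragment=%-10s -> %d\n", cases[i], t.path,
               t.has_fragment ? t.fragment : "(none)",
               dav_check_fragment(cases[i]));
    }
    return 0;
}
```

Run it and compare the first two rows: the escaped and unescaped spellings of the same file name map to different paths, and only the unescaped one is turned away.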
Revision Changes Path
1.1353 +3 -0 httpd-2.0/CHANGES
Index: CHANGES
===================================================================
RCS file: /home/cvs/httpd-2.0/CHANGES,v
retrieving revision 1.1352
retrieving revision 1.1353
diff -b -d -u -r1.1352 -r1.1353
--- CHANGES 7 Jan 2004 02:51:28 -0000 1.1352
+++ CHANGES 8 Jan 2004 13:08:57 -0000 1.1353
@@ -2,6 +2,9 @@
[Remove entries to the current 2.0 section below, when backported]
+ *) mod_dav: Disallow requests with an unescaped hash character in
+ the Request-URI. PR 21779. Amit Athavale <amit_athavale lycos.com>
+
*) Add forensic logging module (mod_log_forensic).
[Ben Laurie]
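Review bot: the new entry does not say what the change looks like from the client's side; the mod_dav.c part of this commit answers such requests with HTTP_BAD_REQUEST, and saying so here ("... are now rejected with a 400 response") would make the entry self-contained for administrators reading CHANGES after an upgrade, since requests that were previously accepted will start failing. The entry is also placed in the section flagged for removal when backported, so it needs to move along with the code when this is backported.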
1.103 +10 -0 httpd-2.0/modules/dav/main/mod_dav.c
Index: mod_dav.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/dav/main/mod_dav.c,v
retrieving revision 1.102
retrieving revision 1.103
diff -b -d -u -r1.102 -r1.103
--- mod_dav.c 1 Jan 2004 13:26:18 -0000 1.102
+++ mod_dav.c 8 Jan 2004 13:08:57 -0000 1.103
@@ -4563,6 +4563,16 @@
if (strcmp(r->handler, DAV_HANDLER_NAME) != 0)
return DECLINED;
+ /* Reject requests with an unescaped hash character, as these may
+ * be more destructive than the user intended. */
+ if (r->parsed_uri.fragment != NULL) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "buggy client used un-escaped hash in Request-URI");
+ return dav_error_response(r, HTTP_BAD_REQUEST,
+ "The request was invalid: the URI included "
+ "an un-escaped hash character");
+ }
+
/* ### do we need to do anything with r->proxyreq ?? */
/*
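Review bot: the comment "may be more destructive than the user intended" does not say what the hazard is; stating it directly, for example that the text after the '#' is not part of the path the request is mapped to, so a method like DELETE or MOVE would act on a different resource than the one the client spelled out, would make the reason for a blanket 400 obvious to the next reader. Two smaller points on the same lines: the ap_log_rerror call logs at APLOG_ERR for a condition any remote client can trigger on every request, so a misbehaving client fills the error log at error severity, and APLOG_INFO (or at least including r->method so the line is actionable) may be the better fit; and the log text says "un-escaped" while the CHANGES entry says "unescaped", which is worth aligning. The check itself is fine: it sits after the handler test, it does not echo the attacker-controlled URI into the log, and testing for a non-NULL fragment rather than a non-empty one correctly catches a bare trailing '#'.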