Posted to cvs@httpd.apache.org by co...@apache.org on 2016/12/14 16:27:16 UTC
svn commit: r1774288 - in /httpd/httpd/trunk: CHANGES modules/mappers/mod_rewrite.c
Author: covener
Date: Wed Dec 14 16:27:15 2016
New Revision: 1774288
URL: http://svn.apache.org/viewvc?rev=1774288&view=rev
Log:
short-circuit some kinds of looping in RewriteRule.
PR60478
Submitted By: Jeff Wheelhouse <apache wheelhouse.org>
Committed By: covener
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/modules/mappers/mod_rewrite.c
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1774288&r1=1774287&r2=1774288&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Wed Dec 14 16:27:15 2016
@@ -1,6 +1,10 @@
-*- coding: utf-8 -*-
Changes with Apache 2.5.0
+ *) mod_rewrite: Limit runaway memory use by short circuiting some kinds of
+ looping RewriteRules when the local path significantly exceeds
+ LimitRequestLine. PR 60478. [Jeff Wheelhouse <apache wheelhouse.org>]
+
*) mod_proxy: Honor a server scoped ProxyPass exception when ProxyPass is
configured in <Location>, like in 2.2. PR 60458.
[Eric Covener]
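Review bot: The wording "significantly exceeds LimitRequestLine" in the new entry is vaguer than the check it documents, which in the mod_rewrite.c change fires once the local path is longer than twice limit_req_line. Saying "more than twice LimitRequestLine", and that the request is then answered with a 500 and an error-log entry, would tell administrators what threshold applies and what to look for when a rule set starts tripping it.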
Modified: httpd/httpd/trunk/modules/mappers/mod_rewrite.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/mappers/mod_rewrite.c?rev=1774288&r1=1774287&r2=1774288&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/mappers/mod_rewrite.c (original)
+++ httpd/httpd/trunk/modules/mappers/mod_rewrite.c Wed Dec 14 16:27:15 2016
@@ -4350,6 +4350,17 @@ static int apply_rewrite_list(request_re
rc = apply_rewrite_rule(p, ctx);
if (rc) {
+
+ /* Catch looping rules with pathinfo growing unbounded */
+ if ( strlen( r->filename ) > 2*r->server->limit_req_line ) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "RewriteRule '%s' and URI '%s' "
+ "exceeded maximum length (%d)",
+ p->pattern, r->uri, 2*r->server->limit_req_line );
+ r->status = HTTP_INTERNAL_SERVER_ERROR;
+ return ACTION_STATUS;
+ }
+
/* Regardless of what we do next, we've found a match. Check to see
* if any of the request header fields were involved, and add them
* to the Vary field of the response.
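Review bot: The added condition measures strlen(r->filename), but the ap_log_rerror call prints r->uri and says the rule and URI "exceeded maximum length", so the logged value is not the one that tripped the limit. Logging the filename length (or r->filename itself) would let an administrator match the entry to the looping rule. The comparison also mixes the size_t returned by strlen with the int expression 2*r->server->limit_req_line, which is written out a second time in the log arguments; computing the limit once into a local would remove the signed/unsigned comparison and the duplicated factor of 2. The padding inside the parentheses of the added "if ( strlen( r->filename ) ..." line differs from the surrounding "if (rc) {" style.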