Posted to cvs@httpd.apache.org by co...@apache.org on 2016/12/14 16:27:16 UTC

svn commit: r1774288 - in /httpd/httpd/trunk: CHANGES modules/mappers/mod_rewrite.c

Author: covener
Date: Wed Dec 14 16:27:15 2016
New Revision: 1774288

URL: http://svn.apache.org/viewvc?rev=1774288&view=rev
Log:
short-circuit some kinds of looping in RewriteRule.

PR60478

Submitted By: Jeff Wheelhouse <apache wheelhouse.org>
Committed By: covener

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/mappers/mod_rewrite.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1774288&r1=1774287&r2=1774288&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Wed Dec 14 16:27:15 2016
@@ -1,6 +1,10 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
+ *) mod_rewrite: Limit runaway memory use by short circuiting some kinds of
+    looping RewriteRules when the local path significantly exceeds 
+    LimitRequestLine.  PR 60478. [Jeff Wheelhouse <apache wheelhouse.org>]
+
  *) mod_proxy: Honor a server scoped ProxyPass exception when ProxyPass is
      configured in <Location>, like in 2.2. PR 60458.
      [Eric Covener]
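
Review bot: The new entry says "significantly exceeds LimitRequestLine" without stating the threshold or what happens to the request. The mod_rewrite.c change in this commit compares against twice LimitRequestLine and sets HTTP_INTERNAL_SERVER_ERROR, so the entry would serve administrators better if it said that the limit is 2x LimitRequestLine and that such requests now fail with a 500. The second line of the entry also ends in trailing whitespace.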

Modified: httpd/httpd/trunk/modules/mappers/mod_rewrite.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/mappers/mod_rewrite.c?rev=1774288&r1=1774287&r2=1774288&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/mappers/mod_rewrite.c (original)
+++ httpd/httpd/trunk/modules/mappers/mod_rewrite.c Wed Dec 14 16:27:15 2016
@@ -4350,6 +4350,17 @@ static int apply_rewrite_list(request_re
         rc = apply_rewrite_rule(p, ctx);
 
         if (rc) {
+
+            /* Catch looping rules with pathinfo growing unbounded */
+            if ( strlen( r->filename ) > 2*r->server->limit_req_line ) {
+                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                              "RewriteRule '%s' and URI '%s' "
+                              "exceeded maximum length (%d)", 
+                              p->pattern, r->uri, 2*r->server->limit_req_line );
+                r->status = HTTP_INTERNAL_SERVER_ERROR;
+                return ACTION_STATUS;
+            }
+
             /* Regardless of what we do next, we've found a match. Check to see
              * if any of the request header fields were involved, and add them
              * to the Vary field of the response.
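
Review bot: In the added check, the condition measures strlen(r->filename) but the error message reports r->uri, so the log line does not show the string that actually tripped the limit; log r->filename (or its length) next to p->pattern. The comparison also mixes the size_t returned by strlen() with the int expression 2*r->server->limit_req_line, which is a signed/unsigned comparison; compute the limit once into a suitably typed local and use it in both the condition and the log arguments, which also gives the factor of 2 a single, documented home. The comment says "pathinfo growing unbounded" while the test is on r->filename, so a short note on why r->filename is the right thing to measure would help. Style: the spacing in "if ( strlen( r->filename ) > ..." differs from the neighbouring "if (rc) {", and the third line of the message string has trailing whitespace.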