You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by co...@apache.org on 2023/03/05 20:28:43 UTC
svn commit: r1908096 - in /httpd/httpd/branches/2.4.x: ./ modules/http2/mod_proxy_http2.c modules/mappers/mod_rewrite.c modules/proxy/mod_proxy_ajp.c modules/proxy/mod_proxy_balancer.c modules/proxy/mod_proxy_http.c modules/proxy/mod_proxy_wstunnel.c
Author: covener
Date: Sun Mar 5 20:28:43 2023
New Revision: 1908096
URL: http://svn.apache.org/viewvc?rev=1908096&view=rev
Log:
Merge r1908095 from trunk:
don't forward invalid query strings
Submitted by: rpluem
Reviewed By: covener, fielding, rpluem, gbechis
Modified:
httpd/httpd/branches/2.4.x/ (props changed)
httpd/httpd/branches/2.4.x/modules/http2/mod_proxy_http2.c
httpd/httpd/branches/2.4.x/modules/mappers/mod_rewrite.c
httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_ajp.c
httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_balancer.c
httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_http.c
httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_wstunnel.c
Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk:r1908095
Modified: httpd/httpd/branches/2.4.x/modules/http2/mod_proxy_http2.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/http2/mod_proxy_http2.c?rev=1908096&r1=1908095&r2=1908096&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/http2/mod_proxy_http2.c (original)
+++ httpd/httpd/branches/2.4.x/modules/http2/mod_proxy_http2.c Sun Mar 5 20:28:43 2023
@@ -158,6 +158,16 @@ static int proxy_http2_canon(request_rec
path = ap_proxy_canonenc(r->pool, url, (int)strlen(url),
enc_path, 0, r->proxyreq);
search = r->args;
+ if (search && *(ap_scan_vchar_obstext(search))) {
+ /*
+ * We have a raw control character or a ' ' in r->args.
+ * Correct encoding was missed.
+ */
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO()
+ "To be forwarded query string contains control "
+ "characters or spaces");
+ return HTTP_FORBIDDEN;
+ }
}
break;
case PROXYREQ_PROXY:
Modified: httpd/httpd/branches/2.4.x/modules/mappers/mod_rewrite.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/mappers/mod_rewrite.c?rev=1908096&r1=1908095&r2=1908096&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/mappers/mod_rewrite.c (original)
+++ httpd/httpd/branches/2.4.x/modules/mappers/mod_rewrite.c Sun Mar 5 20:28:43 2023
@@ -4729,6 +4729,17 @@ static int hook_uri2file(request_rec *r)
unsigned skip;
apr_size_t flen;
+ if (r->args && *(ap_scan_vchar_obstext(r->args))) {
+ /*
+ * We have a raw control character or a ' ' in r->args.
+ * Correct encoding was missed.
+ */
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10410)
+ "Rewritten query string contains control "
+ "characters or spaces");
+ return HTTP_FORBIDDEN;
+ }
+
if (ACTION_STATUS == rulestatus) {
int n = r->status;
@@ -5013,6 +5024,17 @@ static int hook_fixup(request_rec *r)
if (rulestatus) {
unsigned skip;
+ if (r->args && *(ap_scan_vchar_obstext(r->args))) {
+ /*
+ * We have a raw control character or a ' ' in r->args.
+ * Correct encoding was missed.
+ */
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10411)
+ "Rewritten query string contains control "
+ "characters or spaces");
+ return HTTP_FORBIDDEN;
+ }
+
if (ACTION_STATUS == rulestatus) {
int n = r->status;
Modified: httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_ajp.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_ajp.c?rev=1908096&r1=1908095&r2=1908096&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_ajp.c (original)
+++ httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_ajp.c Sun Mar 5 20:28:43 2023
@@ -69,6 +69,16 @@ static int proxy_ajp_canon(request_rec *
path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
r->proxyreq);
search = r->args;
+ if (search && *(ap_scan_vchar_obstext(search))) {
+ /*
+ * We have a raw control character or a ' ' in r->args.
+ * Correct encoding was missed.
+ */
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10406)
+ "To be forwarded query string contains control "
+ "characters or spaces");
+ return HTTP_FORBIDDEN;
+ }
}
if (path == NULL)
return HTTP_BAD_REQUEST;
Modified: httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_balancer.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_balancer.c?rev=1908096&r1=1908095&r2=1908096&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_balancer.c (original)
+++ httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_balancer.c Sun Mar 5 20:28:43 2023
@@ -106,6 +106,16 @@ static int proxy_balancer_canon(request_
path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
r->proxyreq);
search = r->args;
+ if (search && *(ap_scan_vchar_obstext(search))) {
+ /*
+ * We have a raw control character or a ' ' in r->args.
+ * Correct encoding was missed.
+ */
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10407)
+ "To be forwarded query string contains control "
+ "characters or spaces");
+ return HTTP_FORBIDDEN;
+ }
}
if (path == NULL)
return HTTP_BAD_REQUEST;
Modified: httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_http.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_http.c?rev=1908096&r1=1908095&r2=1908096&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_http.c (original)
+++ httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_http.c Sun Mar 5 20:28:43 2023
@@ -125,6 +125,16 @@ static int proxy_http_canon(request_rec
path = ap_proxy_canonenc(r->pool, url, strlen(url),
enc_path, 0, r->proxyreq);
search = r->args;
+ if (search && *(ap_scan_vchar_obstext(search))) {
+ /*
+ * We have a raw control character or a ' ' in r->args.
+ * Correct encoding was missed.
+ */
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10408)
+ "To be forwarded query string contains control "
+ "characters or spaces");
+ return HTTP_FORBIDDEN;
+ }
}
break;
case PROXYREQ_PROXY:
Modified: httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_wstunnel.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_wstunnel.c?rev=1908096&r1=1908095&r2=1908096&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_wstunnel.c (original)
+++ httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_wstunnel.c Sun Mar 5 20:28:43 2023
@@ -114,6 +114,16 @@ static int proxy_wstunnel_canon(request_
path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
r->proxyreq);
search = r->args;
+ if (search && *(ap_scan_vchar_obstext(search))) {
+ /*
+ * We have a raw control character or a ' ' in r->args.
+ * Correct encoding was missed.
+ */
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10409)
+ "To be forwarded query string contains control "
+ "characters or spaces");
+ return HTTP_FORBIDDEN;
+ }
}
if (path == NULL)
return HTTP_BAD_REQUEST;