You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by rp...@apache.org on 2023/03/31 14:37:07 UTC
svn commit: r1908865 - in /httpd/httpd/branches/2.4.x: ./ changes-entries/ modules/http2/ modules/proxy/
Author: rpluem
Date: Fri Mar 31 14:37:07 2023
New Revision: 1908865
URL: http://svn.apache.org/viewvc?rev=1908865&view=rev
Log:
Merge r1908827, r1908838 from trunk:
mod_proxy: Check for space/ctrls in nocanon path/urls before forwarding.
Follow up to r1908827: CHANGES entry.
Submitted by: ylavic
Reviewed by: ylavic, rpluem, covener
Added:
httpd/httpd/branches/2.4.x/changes-entries/proxy_check_path.txt
- copied unchanged from r1908838, httpd/httpd/trunk/changes-entries/proxy_check_path.txt
Modified:
httpd/httpd/branches/2.4.x/ (props changed)
httpd/httpd/branches/2.4.x/STATUS
httpd/httpd/branches/2.4.x/modules/http2/mod_proxy_http2.c
httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_ajp.c
httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_balancer.c
httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_fcgi.c
httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_http.c
httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_uwsgi.c
httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_wstunnel.c
Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk:r1908827,1908838
Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1908865&r1=1908864&r2=1908865&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Fri Mar 31 14:37:07 2023
@@ -151,17 +151,6 @@ RELEASE SHOWSTOPPERS:
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- *) mod_proxy: Check before forwarding that a nocanon path has not been
- rewritten with spaces during processing.
- trunk patch: https://svn.apache.org/r1908827
- https://svn.apache.org/r1908838
- 2.4.x patch: svn merge -c 1908827,1908838 ^/httpd/httpd/trunk .
- (convenience gh diff/PR below, but missing CHANGES entry..)
- https://patch-diff.githubusercontent.com/raw/apache/httpd/pull/354.diff
- https://github.com/apache/httpd/pull/354
- +1: ylavic, rpluem, covener
- rpluem says: svn merge should work fine once the backport above this one
- is in.
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
Modified: httpd/httpd/branches/2.4.x/modules/http2/mod_proxy_http2.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/http2/mod_proxy_http2.c?rev=1908865&r1=1908864&r2=1908865&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/http2/mod_proxy_http2.c (original)
+++ httpd/httpd/branches/2.4.x/modules/http2/mod_proxy_http2.c Fri Mar 31 14:37:07 2023
@@ -164,26 +164,31 @@ static int proxy_http2_canon(request_rec
path = ap_proxy_canonenc_ex(r->pool, url, (int)strlen(url),
enc_path, flags, r->proxyreq);
+ if (!path) {
+ return HTTP_BAD_REQUEST;
+ }
search = r->args;
}
- if (search && *ap_scan_vchar_obstext(search)) {
- /*
- * We have a raw control character or a ' ' in r->args.
- * Correct encoding was missed.
- */
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10412)
- "To be forwarded query string contains control "
- "characters or spaces");
- return HTTP_FORBIDDEN;
- }
break;
case PROXYREQ_PROXY:
path = url;
break;
}
-
- if (path == NULL) {
- return HTTP_BAD_REQUEST;
+ /*
+ * If we have a raw control character or a ' ' in nocanon path or
+ * r->args, correct encoding was missed.
+ */
+ if (path == url && *ap_scan_vchar_obstext(path)) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10420)
+ "To be forwarded path contains control "
+ "characters or spaces");
+ return HTTP_FORBIDDEN;
+ }
+ if (search && *ap_scan_vchar_obstext(search)) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10412)
+ "To be forwarded query string contains control "
+ "characters or spaces");
+ return HTTP_FORBIDDEN;
}
if (port != def_port) {
Modified: httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_ajp.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_ajp.c?rev=1908865&r1=1908864&r2=1908865&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_ajp.c (original)
+++ httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_ajp.c Fri Mar 31 14:37:07 2023
@@ -75,20 +75,27 @@ static int proxy_ajp_canon(request_rec *
path = ap_proxy_canonenc_ex(r->pool, url, strlen(url), enc_path, flags,
r->proxyreq);
+ if (!path) {
+ return HTTP_BAD_REQUEST;
+ }
search = r->args;
}
+ /*
+ * If we have a raw control character or a ' ' in nocanon path or
+ * r->args, correct encoding was missed.
+ */
+ if (path == url && *ap_scan_vchar_obstext(path)) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10418)
+ "To be forwarded path contains control "
+ "characters or spaces");
+ return HTTP_FORBIDDEN;
+ }
if (search && *ap_scan_vchar_obstext(search)) {
- /*
- * We have a raw control character or a ' ' in r->args.
- * Correct encoding was missed.
- */
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10406)
"To be forwarded query string contains control "
"characters or spaces");
return HTTP_FORBIDDEN;
}
- if (path == NULL)
- return HTTP_BAD_REQUEST;
if (port != def_port)
apr_snprintf(sport, sizeof(sport), ":%d", port);
Modified: httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_balancer.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_balancer.c?rev=1908865&r1=1908864&r2=1908865&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_balancer.c (original)
+++ httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_balancer.c Fri Mar 31 14:37:07 2023
@@ -112,20 +112,27 @@ static int proxy_balancer_canon(request_
path = ap_proxy_canonenc_ex(r->pool, url, strlen(url), enc_path, flags,
r->proxyreq);
+ if (!path) {
+ return HTTP_BAD_REQUEST;
+ }
search = r->args;
}
+ /*
+ * If we have a raw control character or a ' ' in nocanon path or
+ * r->args, correct encoding was missed.
+ */
+ if (path == url && *ap_scan_vchar_obstext(path)) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10416)
+ "To be forwarded path contains control "
+ "characters or spaces");
+ return HTTP_FORBIDDEN;
+ }
if (search && *ap_scan_vchar_obstext(search)) {
- /*
- * We have a raw control character or a ' ' in r->args.
- * Correct encoding was missed.
- */
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10407)
"To be forwarded query string contains control "
"characters or spaces");
return HTTP_FORBIDDEN;
}
- if (path == NULL)
- return HTTP_BAD_REQUEST;
r->filename = apr_pstrcat(r->pool, "proxy:" BALANCER_PREFIX, host,
"/", path, (search) ? "?" : "", (search) ? search : "", NULL);
Modified: httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_fcgi.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_fcgi.c?rev=1908865&r1=1908864&r2=1908865&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_fcgi.c (original)
+++ httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_fcgi.c Fri Mar 31 14:37:07 2023
@@ -102,9 +102,20 @@ static int proxy_fcgi_canon(request_rec
path = ap_proxy_canonenc_ex(r->pool, url, strlen(url), enc_path, flags,
r->proxyreq);
+ if (!path) {
+ return HTTP_BAD_REQUEST;
+ }
+ }
+ /*
+ * If we have a raw control character or a ' ' in nocanon path,
+ * correct encoding was missed.
+ */
+ if (path == url && *ap_scan_vchar_obstext(path)) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10414)
+ "To be forwarded path contains control "
+ "characters or spaces");
+ return HTTP_FORBIDDEN;
}
- if (path == NULL)
- return HTTP_BAD_REQUEST;
r->filename = apr_pstrcat(r->pool, "proxy:fcgi://", host, sport, "/",
path, NULL);
Modified: httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_http.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_http.c?rev=1908865&r1=1908864&r2=1908865&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_http.c (original)
+++ httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_http.c Fri Mar 31 14:37:07 2023
@@ -131,26 +131,32 @@ static int proxy_http_canon(request_rec
path = ap_proxy_canonenc_ex(r->pool, url, strlen(url), enc_path,
flags, r->proxyreq);
+ if (!path) {
+ return HTTP_BAD_REQUEST;
+ }
search = r->args;
}
- if (search && *ap_scan_vchar_obstext(search)) {
- /*
- * We have a raw control character or a ' ' in r->args.
- * Correct encoding was missed.
- */
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10408)
- "To be forwarded query string contains control "
- "characters or spaces");
- return HTTP_FORBIDDEN;
- }
break;
case PROXYREQ_PROXY:
path = url;
break;
}
-
- if (path == NULL)
- return HTTP_BAD_REQUEST;
+ /*
+ * If we have a raw control character or a ' ' in nocanon path or
+ * r->args, correct encoding was missed.
+ */
+ if (path == url && *ap_scan_vchar_obstext(path)) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10415)
+ "To be forwarded path contains control "
+ "characters or spaces");
+ return HTTP_FORBIDDEN;
+ }
+ if (search && *ap_scan_vchar_obstext(search)) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10408)
+ "To be forwarded query string contains control "
+ "characters or spaces");
+ return HTTP_FORBIDDEN;
+ }
if (port != def_port)
apr_snprintf(sport, sizeof(sport), ":%d", port);
Modified: httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_uwsgi.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_uwsgi.c?rev=1908865&r1=1908864&r2=1908865&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_uwsgi.c (original)
+++ httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_uwsgi.c Fri Mar 31 14:37:07 2023
@@ -94,9 +94,19 @@ static int uwsgi_canon(request_rec *r, c
path = ap_proxy_canonenc_ex(r->pool, url, strlen(url), enc_path, flags,
r->proxyreq);
+ if (!path) {
+ return HTTP_BAD_REQUEST;
+ }
}
- if (!path) {
- return HTTP_BAD_REQUEST;
+ /*
+ * If we have a raw control character or a ' ' in nocanon path,
+ * correct encoding was missed.
+ */
+ if (path == url && *ap_scan_vchar_obstext(path)) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10417)
+ "To be forwarded path contains control "
+ "characters or spaces");
+ return HTTP_FORBIDDEN;
}
r->filename =
Modified: httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_wstunnel.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_wstunnel.c?rev=1908865&r1=1908864&r2=1908865&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_wstunnel.c (original)
+++ httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_wstunnel.c Fri Mar 31 14:37:07 2023
@@ -120,20 +120,27 @@ static int proxy_wstunnel_canon(request_
path = ap_proxy_canonenc_ex(r->pool, url, strlen(url), enc_path, flags,
r->proxyreq);
+ if (!path) {
+ return HTTP_BAD_REQUEST;
+ }
search = r->args;
}
+ /*
+ * If we have a raw control character or a ' ' in nocanon path or
+ * r->args, correct encoding was missed.
+ */
+ if (path == url && *ap_scan_vchar_obstext(path)) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10419)
+ "To be forwarded path contains control "
+ "characters or spaces");
+ return HTTP_FORBIDDEN;
+ }
if (search && *ap_scan_vchar_obstext(search)) {
- /*
- * We have a raw control character or a ' ' in r->args.
- * Correct encoding was missed.
- */
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10409)
"To be forwarded query string contains control "
"characters or spaces");
return HTTP_FORBIDDEN;
}
- if (path == NULL)
- return HTTP_BAD_REQUEST;
if (port != def_port)
apr_snprintf(sport, sizeof(sport), ":%d", port);