httpd-bugs mailing list archives

From bugzi...@apache.org
Subject [Bug 61560] New: Incorrect string matching used in ProxyPassReverseCookiePath and ProxyPassReverseCookieDomain
Date Sat, 23 Sep 2017 00:05:11 GMT
https://bz.apache.org/bugzilla/show_bug.cgi?id=61560

            Bug ID: 61560
           Summary: Incorrect string matching used in
                    ProxyPassReverseCookiePath and
                    ProxyPassReverseCookieDomain
           Product: Apache httpd-2
           Version: 2.4.27
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_proxy
          Assignee: bugs@httpd.apache.org
          Reporter: bart@cilfone.com
  Target Milestone: ---

When using a reverse proxy, mod_proxy is not properly parsing the Set-Cookie
header when modifying it on the way back to the client.

The issue is in the definition of the string matcher:

    ap_proxy_strmatch_path = apr_strmatch_precompile(pconf, "path=", 0);
    ap_proxy_strmatch_domain = apr_strmatch_precompile(pconf, "domain=", 0);

The issue is obvious to see and easily reproduced if the origin server sets a
cookie whose name ends in the word "path" or "domain".

For example, if the reverse proxy has a configuration directive such as:

    ProxyPassReverseCookiePath  /  /my/nested/path

and the origin server sets a header like:

    Set-Cookie: testPath=/hello;path=/

then the reverse proxy will rewrite the value of the cookie in the header to:

    Set-Cookie: testPath=/my/nested/path;path=/

which is to say, it did NOT rewrite the cookie path (still "/"), but rather it
rewrote the cookie value because the cookie name ended with the letters "path".

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
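
The mismatch described in this report, as an added example that is not part of the original message or of httpd's source: a case-insensitive substring search for "path=" lands inside the cookie name, while a search anchored to ';'-separated attributes finds the real attribute. The function names `find_naive` and `find_attr` are hypothetical, and the anchored matcher is one possible approach, not the fix adopted by the project.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive comparison of n bytes; stops safely at the end of s. */
static int ieq(const char *s, const char *key, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)s[i]) != tolower((unsigned char)key[i]))
            return 0;
    return 1;
}

/* Substring search anywhere in the Set-Cookie value, the behaviour the
 * report describes. Returns the offset just past the match, or -1. */
static long find_naive(const char *hdr, const char *key)
{
    size_t klen = strlen(key);
    for (const char *p = hdr; *p; p++)
        if (ieq(p, key, klen))
            return (long)(p - hdr) + (long)klen;
    return -1;
}

/* Attribute-aware search (hypothetical): skip the leading name=value pair
 * and accept the key only at the start of a ';'-separated attribute. */
static long find_attr(const char *hdr, const char *key)
{
    size_t klen = strlen(key);
    const char *p = strchr(hdr, ';');
    while (p) {
        p++;                                    /* step past ';' */
        while (*p && isspace((unsigned char)*p))
            p++;                                /* optional whitespace */
        if (ieq(p, key, klen))
            return (long)(p - hdr) + (long)klen;
        p = strchr(p, ';');
    }
    return -1;
}

int main(void)
{
    const char *hdr = "testPath=/hello;path=/"; /* header value from the report */
    printf("naive: %s\n", hdr + find_naive(hdr, "path="));  /* cookie value */
    printf("attr:  %s\n", hdr + find_attr(hdr, "path="));   /* path attribute */
    return 0;
}
```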

