httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From n..@apache.org
Subject svn commit: r583002 - in /httpd/httpd/trunk: CHANGES modules/proxy/mod_proxy_http.c
Date Mon, 08 Oct 2007 23:47:36 GMT
Author: niq
Date: Mon Oct  8 16:47:35 2007
New Revision: 583002

URL: http://svn.apache.org/viewvc?rev=583002&view=rev
Log:
mod_proxy_http: Don't unescape/escape forward proxied URLs.  Just check them.
PR 42592

also add fix to PR42572 to CHANGES (from r563487/r563489)

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/proxy/mod_proxy_http.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=583002&r1=583001&r2=583002&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Mon Oct  8 16:47:35 2007
@@ -2,6 +2,12 @@
 Changes with Apache 2.3.0
 [ When backported to 2.2.x, remove entry from this file ]
 
+  *) mod_proxy_http: Check but don't escape/unescape forward-proxied URLs
+     PR 42592 [Nick Kew]
+
+  *) mpm winnt: fix null pointer dereference
+     PR 42572 [Davi Arnaut]
+
   *) http_core: OPTIONS * no longer maps to local storage or URI
      space. PR 43519 [Jim Jagielski]
 

Modified: httpd/httpd/trunk/modules/proxy/mod_proxy_http.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?rev=583002&r1=583001&r2=583002&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/proxy/mod_proxy_http.c (original)
+++ httpd/httpd/trunk/modules/proxy/mod_proxy_http.c Mon Oct  8 16:47:35 2007
@@ -36,6 +36,9 @@
     const char *err;
     const char *scheme;
     apr_port_t port, def_port;
+    const char *p;
+    const char *allowed = "~$-_.+!*'(),;:@&=/"; /* allowed+reserved from
+                                                   ap_proxy_canonenc */
 
     /* ap_port_of_scheme() */
     if (strncasecmp(url, "http:", 5) == 0) {
@@ -80,7 +83,30 @@
         search = r->args;
 
     /* process path */
-    path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0, r->proxyreq);
+    /* In a reverse proxy, our URL has been processed, so canonicalise
+     * In a forward proxy, we have and MUST NOT MANGLE the original,
+     * so just check it for disallowed chars.
+     */
+    switch (r->proxyreq) {
+    default: /* wtf are we doing here? */
+    case PROXYREQ_REVERSE:
+        path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0, r->proxyreq);
+        break;
+    case PROXYREQ_PROXY:
+        for (p = url; *p; ++p) {
+            if (!apr_isalnum(*p) && !strchr(allowed, *p)) {
+                if (*p == '%' && apr_isxdigit(p[1]) && apr_isxdigit(p[2]))
{
+                    p += 2; /* an encoded char */
+                }
+                else {
+                    return HTTP_BAD_REQUEST; /* reject bad char in URL */
+                }
+            }
+        }
+        path = url;
+        break;
+    }
+
     if (path == NULL)
         return HTTP_BAD_REQUEST;
 



Mime
View raw message