httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cove...@apache.org
Subject svn commit: r1031758 - in /httpd/httpd/trunk: CHANGES modules/proxy/mod_proxy.c
Date Fri, 05 Nov 2010 20:03:02 GMT
Author: covener
Date: Fri Nov  5 20:03:02 2010
New Revision: 1031758

URL: http://svn.apache.org/viewvc?rev=1031758&view=rev
Log:
PR47765: ProxyPass and ProxyPassReverse should not be accepted in
Directory or Files sections.


Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/proxy/mod_proxy.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1031758&r1=1031757&r2=1031758&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Fri Nov  5 20:03:02 2010
@@ -6,6 +6,9 @@ Changes with Apache 2.3.9
      Fix a denial of service attack against mod_reqtimeout.
      [Stefan Fritsch]
 
+  *) mod_proxy: Don't allow ProxyPass or ProxyPassReverse in
+     <Directory> or <Files>. PR47765 [Eric Covener]
+
   *) prefork/worker/event MPMS: default value (when no directive is present)
      of MaxConnectionsPerChild/MaxRequestsPerChild is changed to 0 from 10000 
      to match default configuration and manual. PR47782 [Eric Covener]

Modified: httpd/httpd/trunk/modules/proxy/mod_proxy.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy.c?rev=1031758&r1=1031757&r2=1031758&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/proxy/mod_proxy.c (original)
+++ httpd/httpd/trunk/modules/proxy/mod_proxy.c Fri Nov  5 20:03:02 2010
@@ -1337,6 +1337,12 @@ static const char *
     int i;
     int use_regex = is_regex;
     unsigned int flags = 0;
+    const char *err;
+
+    err = ap_check_cmd_context(cmd, NOT_IN_DIRECTORY|NOT_IN_FILES);
+    if (err) { 
+        return err;
+    }
 
     while (*arg) {
         word = ap_getword_conf(cmd->pool, &arg);
@@ -1490,6 +1496,12 @@ static const char * add_pass_reverse(cmd
     const char *fake;
     const char *real;
     const char *interp;
+    const char *err;
+
+    err = ap_check_cmd_context(cmd, NOT_IN_DIRECTORY|NOT_IN_FILES);
+    if (err) { 
+        return err;
+    }
 
     if (cmd->path == NULL) {
         if (r == NULL || !strcasecmp(r, "interpolate")) {



Mime
View raw message