Return-Path: X-Original-To: apmail-httpd-cvs-archive@www.apache.org Delivered-To: apmail-httpd-cvs-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 6CA2B9ED2 for ; Thu, 19 Jan 2012 22:42:18 +0000 (UTC) Received: (qmail 64257 invoked by uid 500); 19 Jan 2012 22:42:18 -0000 Delivered-To: apmail-httpd-cvs-archive@httpd.apache.org Received: (qmail 64162 invoked by uid 500); 19 Jan 2012 22:42:17 -0000 Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list cvs@httpd.apache.org Received: (qmail 64155 invoked by uid 99); 19 Jan 2012 22:42:17 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 19 Jan 2012 22:42:17 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 19 Jan 2012 22:42:16 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 000C6238889B; Thu, 19 Jan 2012 22:41:55 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1233619 - in /httpd/httpd/branches/2.4.x: modules/mappers/mod_rewrite.c modules/proxy/mod_proxy.c server/protocol.c Date: Thu, 19 Jan 2012 22:41:55 -0000 To: cvs@httpd.apache.org From: trawick@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20120119224156.000C6238889B@eris.apache.org> Author: trawick Date: Thu Jan 19 22:41:55 2012 New Revision: 1233619 URL: http://svn.apache.org/viewvc?rev=1233619&view=rev Log: Merge r1233604 from trunk: Adjust CVE-2011-3368/CVE-2011-4317 fixes to rely solely on core's translate-name to fail unsupported URIs. Rewrite and proxy now decline what they don't support rather than fail the request. Suggested by: trawick Implemented by: jorton Tweaked by: wrowe Modified: httpd/httpd/branches/2.4.x/modules/mappers/mod_rewrite.c httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy.c httpd/httpd/branches/2.4.x/server/protocol.c Modified: httpd/httpd/branches/2.4.x/modules/mappers/mod_rewrite.c URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/mappers/mod_rewrite.c?rev=1233619&r1=1233618&r2=1233619&view=diff ============================================================================== --- httpd/httpd/branches/2.4.x/modules/mappers/mod_rewrite.c (original) +++ httpd/httpd/branches/2.4.x/modules/mappers/mod_rewrite.c Thu Jan 19 22:41:55 2012 @@ -4419,18 +4419,11 @@ static int hook_uri2file(request_rec *r) return DECLINED; } - if (strcmp(r->unparsed_uri, "*") == 0) { - /* Don't apply rewrite rules to "*". */ + if ((r->unparsed_uri[0] == '*' && r->unparsed_uri[1] == '\0') + || !r->uri || r->uri[0] != '/') { return DECLINED; } - /* Check that the URI is valid. */ - if (!r->uri || r->uri[0] != '/') { - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00668) - "Invalid URI in request %s", r->the_request); - return HTTP_BAD_REQUEST; - } - /* * add the SCRIPT_URL variable to the env. this is a bit complicated * due to the fact that apache uses subrequests and internal redirects Modified: httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy.c URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy.c?rev=1233619&r1=1233618&r2=1233619&view=diff ============================================================================== --- httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy.c (original) +++ httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy.c Thu Jan 19 22:41:55 2012 @@ -656,18 +656,11 @@ static int proxy_trans(request_rec *r) return OK; } - if (strcmp(r->unparsed_uri, "*") == 0) { - /* "*" cannot be proxied. */ + if ((r->unparsed_uri[0] == '*' && r->unparsed_uri[1] == '\0') + || !r->uri || r->uri[0] != '/') { return DECLINED; } - /* Check that the URI is valid. */ - if (!r->uri || r->uri[0] != '/') { - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01137) - "Invalid URI in request %s", r->the_request); - return HTTP_BAD_REQUEST; - } - /* XXX: since r->uri has been manipulated already we're not really * compliant with RFC1945 at this point. But this probably isn't * an issue because this is a hybrid proxy/origin server. Modified: httpd/httpd/branches/2.4.x/server/protocol.c URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/protocol.c?rev=1233619&r1=1233618&r2=1233619&view=diff ============================================================================== --- httpd/httpd/branches/2.4.x/server/protocol.c (original) +++ httpd/httpd/branches/2.4.x/server/protocol.c Thu Jan 19 22:41:55 2012 @@ -655,26 +655,6 @@ static int read_request_line(request_rec ap_parse_uri(r, uri); - /* RFC 2616: - * Request-URI = "*" | absoluteURI | abs_path | authority - * - * authority is a special case for CONNECT. If the request is not - * using CONNECT, and the parsed URI does not have scheme, and - * it does not begin with '/', and it is not '*', then, fail - * and give a 400 response. */ - if (r->method_number != M_CONNECT - && !r->parsed_uri.scheme - && uri[0] != '/' - && !(uri[0] == '*' && uri[1] == '\0')) { - ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(00559) - "invalid request-URI %s", uri); - r->args = NULL; - r->hostname = NULL; - r->status = HTTP_BAD_REQUEST; - r->uri = apr_pstrdup(r->pool, uri); - return 0; - } - if (ll[0]) { r->assbackwards = 0; pro = ll;