httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Trawick <traw...@gmail.com>
Subject Re: Fix for CVE-2011-4317 broke RewriteRule in forward proxy?
Date Sat, 24 Mar 2012 15:39:26 GMT
On Sat, Mar 24, 2012 at 7:31 AM, Rainer Jung <rainer.jung@kippdata.de> wrote:
> On 24.03.2012 07:02, Kaspar Brand wrote:
>>
>> On 23.03.2012 18:11, Rainer Jung wrote:
>>>
>>> It should be RewriteRule not RewriteMap in my previous mail. I
>>> simplified the config to a single RewriteRule but forgot to adjst
>>> subject and intro of my mail. The problem remains the same.
>>
>>
>> Doesn't that ring a bell - namely the one of PR 52774?
>
>
> Thanks Kaspar, yes that's the same issue. Sorry for not having remembered or
> searched that one.
>
> I expect the same problem for trunk, but will check it.
>
> I need to review the argumentation for the final variant of the
> CVE-2011-4317 fix but IMHO the current behavior is broken.

The primary reasoning was that it lets the long-standing fallback
logic in core fail the request if necessary, letting modules decide
what they could handle.  Subsequently it was determined that the error
path in the initial 3368 fix didn't work for HTTP 0.9 in some levels
of code (2.0 IIRC) and just managed to work in 2.2.

But yes, this forward proxy situation needs to be supported.  The
check added to mod_rewrite to skip things it didn't know how to handle
was not correct.

After a cursory skim of the code, it seems that RewriteRule could
conceivably be used on anything that gets in r->uri or r->filename,
but that generality, hopefully unintentional, was part of the original
problem.

Mime
View raw message