| author | Petr Sumbera <petr.sumbera@oracle.com> |
| Thu, 06 Oct 2011 02:15:52 -0700 | |
| changeset 530 | ef96dd9da2a7 |
| permissions | -rw-r--r-- |
|
530
ef96dd9da2a7
7098278 Problem with utility/apache
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
1 |
|
|
ef96dd9da2a7
7098278 Problem with utility/apache
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
2 |
SECURITY (CVE-2011-3368): Prevent unintended pattern expansion in some |
|
ef96dd9da2a7
7098278 Problem with utility/apache
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
3 |
reverse proxy configurations by strictly validating the request-URI. |
|
ef96dd9da2a7
7098278 Problem with utility/apache
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
4 |
|
|
ef96dd9da2a7
7098278 Problem with utility/apache
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
5 |
http://svn.apache.org/viewvc?rev=1179239&view=rev |
|
ef96dd9da2a7
7098278 Problem with utility/apache
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
6 |
|
|
ef96dd9da2a7
7098278 Problem with utility/apache
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
7 |
--- server/protocol.c |
|
ef96dd9da2a7
7098278 Problem with utility/apache
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
8 |
+++ server/protocol.c |
|
ef96dd9da2a7
7098278 Problem with utility/apache
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
9 |
@@ -640,6 +640,25 @@ |
|
ef96dd9da2a7
7098278 Problem with utility/apache
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
10 |
|
|
ef96dd9da2a7
7098278 Problem with utility/apache
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
11 |
ap_parse_uri(r, uri); |
|
ef96dd9da2a7
7098278 Problem with utility/apache
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
12 |
|
|
ef96dd9da2a7
7098278 Problem with utility/apache
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
13 |
+ /* RFC 2616: |
|
ef96dd9da2a7
7098278 Problem with utility/apache
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
14 |
+ * Request-URI = "*" | absoluteURI | abs_path | authority |
|
ef96dd9da2a7
7098278 Problem with utility/apache
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
15 |
+ * |
|
ef96dd9da2a7
7098278 Problem with utility/apache
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
16 |
+ * authority is a special case for CONNECT. If the request is not |
|
ef96dd9da2a7
7098278 Problem with utility/apache
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
17 |
+ * using CONNECT, and the parsed URI does not have scheme, and |
|
ef96dd9da2a7
7098278 Problem with utility/apache
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
18 |
+ * it does not begin with '/', and it is not '*', then, fail |
|
ef96dd9da2a7
7098278 Problem with utility/apache
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
19 |
+ * and give a 400 response. */ |
|
ef96dd9da2a7
7098278 Problem with utility/apache
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
20 |
+ if (r->method_number != M_CONNECT |
|
ef96dd9da2a7
7098278 Problem with utility/apache
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
21 |
+ && !r->parsed_uri.scheme |
|
ef96dd9da2a7
7098278 Problem with utility/apache
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
22 |
+ && uri[0] != '/' |
|
ef96dd9da2a7
7098278 Problem with utility/apache
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
23 |
+ && !(uri[0] == '*' && uri[1] == '\0')) {
|
|
ef96dd9da2a7
7098278 Problem with utility/apache
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
24 |
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, |
|
ef96dd9da2a7
7098278 Problem with utility/apache
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
25 |
+ "invalid request-URI %s", uri); |
|
ef96dd9da2a7
7098278 Problem with utility/apache
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
26 |
+ r->args = NULL; |
|
ef96dd9da2a7
7098278 Problem with utility/apache
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
27 |
+ r->hostname = NULL; |
|
ef96dd9da2a7
7098278 Problem with utility/apache
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
28 |
+ r->status = HTTP_BAD_REQUEST; |
|
ef96dd9da2a7
7098278 Problem with utility/apache
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
29 |
+ r->uri = apr_pstrdup(r->pool, uri); |
|
ef96dd9da2a7
7098278 Problem with utility/apache
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
30 |
+ } |
|
ef96dd9da2a7
7098278 Problem with utility/apache
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
31 |
+ |
|
ef96dd9da2a7
7098278 Problem with utility/apache
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
32 |
if (ll[0]) {
|
|
ef96dd9da2a7
7098278 Problem with utility/apache
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
33 |
r->assbackwards = 0; |
|
ef96dd9da2a7
7098278 Problem with utility/apache
Petr Sumbera <petr.sumbera@oracle.com>
parents:
diff
changeset
|
34 |
pro = ll; |