1 https://issues.apache.org/bugzilla/show_bug.cgi?id=52774 |
|
2 |
|
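--- a/modules/mappers/mod_rewrite.c
+++ b/modules/mappers/mod_rewrite.c
@@ -4319,14 +4319,29 @@
  /* Unless the anyuri option is set, ensure that the input to the
  * first rule really is a URL-path, avoiding security issues with
  * poorly configured rules. See CVE-2011-3368, CVE-2011-4317. */
+ /*
+ * We believe that URI starting with "http://" is valid and thus we fork
+ * here little bit from upstream. I'm intentionally not optimizing
+ * following if statement to keep changes against upstream clear.
+ * See also: https://issues.apache.org/bugzilla/show_bug.cgi?id=52774
+ */
  if ((dconf->options & OPTION_ANYURI) == 0
  && ((r->unparsed_uri[0] == '*' && r->unparsed_uri[1] == '\0')
- || !r->uri || r->uri[0] != '/')) {
+ || !r->uri)) {
  rewritelog((r, 8, NULL, "Declining, request-URI '%s' is not a URL-path. "
  "Consult the manual entry for the RewriteOptions directive "
  "for options and caveats about matching other strings.",
  r->uri));
  return DECLINED;
+ } else if ((dconf->options & OPTION_ANYURI) == 0 && r->uri[0] != '/') {
+ if (strncmp(r->uri, "http://" , 7) != 0 &&
+ strncmp(r->uri, "https://", 8 )!= 0) {
+ rewritelog((r, 8, NULL, "Declining, request-URI '%s' is not a URL-path. "
+ "Consult the manual entry for the RewriteOptions directive "
+ "for options and caveats about matching other strings.",
+ r->uri));
+ return DECLINED;
+ }
  }
 
  /*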
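Review bot: The new `else if` branch lets any `r->uri` that merely begins with `http://` or `https://` reach the rule set on every server where mod_rewrite runs, not only on forward proxies, which weakens the URL-path guard that the retained comment ties to CVE-2011-3368 and CVE-2011-4317. Rules written on the assumption of a leading `/` that feed the match into a `[P]` target would again receive a non-path string, so the exemption should be limited to requests mod_proxy has already marked as forward-proxy requests, e.g. `if (r->proxyreq != PROXYREQ_PROXY || (strncmp(r->uri, "http://", 7) != 0 && strncmp(r->uri, "https://", 8) != 0)) {` — this assumes `proxyreq` is set before this hook runs, which should be confirmed. The added comment should also say that this is a deliberate relaxation of the CVE hardening and name the deployments it is meant for, so a later rebase against upstream does not carry it forward unnoticed. The enclosing function starts and ends outside the hunk.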