components/apache2/patches/bug52774.patch
changeset 1008 85cbcf3980ca
parent 795 6344ba200d21
child 4696 96b9957387bf
equal deleted inserted replaced
1007:16cb553a85a2 1008:85cbcf3980ca
     1 https://issues.apache.org/bugzilla/show_bug.cgi?id=52774
     1 https://issues.apache.org/bugzilla/show_bug.cgi?id=52774
     2 
     2 
     3 --- modules/mappers/mod_rewrite.c	Tue Jan 24 11:39:31 2012
     3 --- modules/mappers/mod_rewrite.c	Mon Aug 20 10:22:53 2012
     4 +++ modules/mappers/mod_rewrite.c	Thu Apr  5 07:37:37 2012
     4 +++ modules/mappers/mod_rewrite.c	Tue Sep 18 04:02:33 2012
     5 @@ -4266,9 +4266,13 @@
     5 @@ -4302,14 +4302,29 @@
       
     6      /* Unless the anyuri option is set, ensure that the input to the
       
     7       * first rule really is a URL-path, avoiding security issues with
       
     8       * poorly configured rules.  See CVE-2011-3368, CVE-2011-4317. */
       
     9 +    /*
       
    10 +     * We believe that URI starting with "http://" is valid and thus we fork
       
    11 +     * here little bit from upstream. I'm intentionally not optimizing
       
    12 +     * following if statement to keep changes against upstream clear.
       
    13 +     * See also: https://issues.apache.org/bugzilla/show_bug.cgi?id=52774
       
    14 +     */
       
    15      if ((dconf->options & OPTION_ANYURI) == 0
       
    16          && ((r->unparsed_uri[0] == '*' && r->unparsed_uri[1] == '\0')
       
    17 -            || !r->uri || r->uri[0] != '/')) {
       
    18 +            || !r->uri)) {
       
    19          rewritelog((r, 8, NULL, "Declining, request-URI '%s' is not a URL-path. "
       
    20                      "Consult the manual entry for the RewriteOptions directive "
       
    21                      "for options and caveats about matching other strings.",
       
    22                      r->uri));
     6          return DECLINED;
    23          return DECLINED;
     7      }
    24 +    } else if ((dconf->options & OPTION_ANYURI) == 0 && r->uri[0] != '/') {
     8  
       
     9 -    if ((r->unparsed_uri[0] == '*' && r->unparsed_uri[1] == '\0')
       
    10 -        || !r->uri || r->uri[0] != '/') {
       
    11 +    if ((r->unparsed_uri[0] == '*' && r->unparsed_uri[1] == '\0') || !r->uri) {
       
    12          return DECLINED;
       
    13 +    } else if (r->uri[0] != '/') {
       
    14 +        if (strncmp(r->uri, "http://" , 7) != 0 && 
    25 +        if (strncmp(r->uri, "http://" , 7) != 0 && 
    15 +            strncmp(r->uri, "https://", 8 )!= 0) {
    26 +            strncmp(r->uri, "https://", 8 )!= 0) {
       
    27 +              rewritelog((r, 8, NULL, "Declining, request-URI '%s' is not a URL-path. "
       
    28 +                          "Consult the manual entry for the RewriteOptions directive "
       
    29 +                          "for options and caveats about matching other strings.",
       
    30 +                          r->uri));
    16 +             return DECLINED;
    31 +             return DECLINED;
    17 +        }
    32 +        }
    18      }
    33      }
    19  
    34  
    20      /*
    35      /*