author | Ruediger Pluem <rpluem@apache.org> | 2023-03-31 14:37:07 +0000 |
---|---|---|
committer | Ruediger Pluem <rpluem@apache.org> | 2023-03-31 14:37:07 +0000 |
commit | fd92481223a0d213f1dc2f96745f495efcf33eca (patch) | |
tree | 245001fd7721d156b97a20854530f67ae9e640cf /modules/proxy/mod_proxy_ajp.c | |
parent | 9b8cf1746bb004050b02a30bf0222479fbe405c2 (diff) | |
download | httpd-fd92481223a0d213f1dc2f96745f495efcf33eca.tar.gz |
Merge r1908827, r1908838 from trunk:
mod_proxy: Check for space/ctrls in nocanon path/urls before forwarding.
Follow up to r1908827: CHANGES entry.
Submitted by: ylavic
Reviewed by: ylavic, rpluem, covener
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1908865 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules/proxy/mod_proxy_ajp.c')
-rw-r--r-- | modules/proxy/mod_proxy_ajp.c | 19 |
1 files changed, 13 insertions, 6 deletions
diff --git a/modules/proxy/mod_proxy_ajp.c b/modules/proxy/mod_proxy_ajp.c
index f5b25662e1..65773ce768 100644
--- a/modules/proxy/mod_proxy_ajp.c
+++ b/modules/proxy/mod_proxy_ajp.c
@@ -75,20 +75,27 @@ static int proxy_ajp_canon(request_rec *r, char *url)
 path = ap_proxy_canonenc_ex(r->pool, url, strlen(url), enc_path, flags, r->proxyreq);
+ if (!path) {
+ return HTTP_BAD_REQUEST;
+ }
 search = r->args;
 }
+ /*
+ * If we have a raw control character or a ' ' in nocanon path or
+ * r->args, correct encoding was missed.
+ */
+ if (path == url && *ap_scan_vchar_obstext(path)) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10418)
+ "To be forwarded path contains control "
+ "characters or spaces");
+ return HTTP_FORBIDDEN;
+ }
 if (search && *ap_scan_vchar_obstext(search)) {
- /*
- * We have a raw control character or a ' ' in r->args.
- * Correct encoding was missed.
- */
 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10406) "To be forwarded query string contains control " "characters or spaces");
 return HTTP_FORBIDDEN;
 }
- if (path == NULL)
- return HTTP_BAD_REQUEST;
 if (port != def_port) apr_snprintf(sport, sizeof(sport), ":%d", port); |
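Review bot: The added 10418 guard recognises the nocanon case only through pointer identity (`path == url`), so it would silently stop running if the branch that assigns `path` ever stored a copy of the URL instead of the original pointer. That assignment sits above the hunk and is not visible here, so the invariant should be written down next to the test, for example `/* path == url only in the nocanon case, where ap_proxy_canonenc_ex() was skipped */`. The commit message describes a mod_proxy-wide check while this diffstat is limited to one file, so the same comment presumably belongs at the equivalent guard in the other scheme handlers. A regression test that sends a raw space and a raw control byte through a nocanon mapping and expects the 403 would keep the guard from being lost in a later refactor.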