
Introduce request taint-checking concept.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1792169 13f79535-47bb-0310-9956-ffa450edef68
Nick Kew
2017-04-21 08:44:06 +00:00
parent b517584604
commit 38e269322b
7 changed files with 60 additions and 1 deletions


@@ -932,6 +932,14 @@ static int proxy_fixup(request_rec *r)
if (!r->proxyreq || !r->filename || strncmp(r->filename, "proxy:", 6) != 0)
return DECLINED;
/* A request that has passed through .htaccess has no business
* serving contents from so far outside its directory.
* Since we're going to decline it, don't waste time here.
*/
if (ap_request_tainted(r, AP_TAINT_HTACCESS)) {
return DECLINED;
}
/* XXX: Shouldn't we try this before we run the proxy_walk? */
url = &r->filename[6];
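Review bot: The new taint check in proxy_fixup declines the request without logging anything, and the matching block in proxy_handler (the second hunk) does the same, so an operator whose .htaccess-driven proxy mapping silently stops working has nothing in the error log to explain why. Because this is a deliberate policy refusal rather than an ordinary miss, consider `ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "declining proxy request tainted by .htaccess");` before each `return DECLINED;`, or better, move the comment, check and log into one static helper so the two copies cannot drift (the proxy_handler copy already drops the "don't waste time here" sentence). It is also worth confirming what the request falls through to once fixup declines with `r->filename` still set to `proxy:...`; if the core handler then tries to serve that path, an explicit HTTP_FORBIDDEN may be the clearer outcome for both client and log. `ap_request_tainted` and `AP_TAINT_HTACCESS` are introduced in other files of this commit and are not visible here, and proxy_fixup's body begins before this hunk.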
@@ -1025,6 +1033,13 @@ static int proxy_handler(request_rec *r)
return DECLINED;
}
/* A request that has passed through .htaccess has no business
* serving contents from so far outside its directory.
*/
if (ap_request_tainted(r, AP_TAINT_HTACCESS)) {
return DECLINED;
}
if (!r->proxyreq) {
/* We may have forced the proxy handler via config or .htaccess */
if (r->handler &&