www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-07 04:02:58 +03:00
Code Activity

mod_proxy: Detect unix: scheme syntax errors at load time.

Browse Source 
* modules/proxy/mod_proxy.c(add_pass, add_member, set_proxy_param,
                            proxysection):
  Check return value of ap_proxy_de_socketfy().

* modules/proxy/proxy_util.c(ap_proxy_get_worker_ex):
  Check return value of ap_proxy_de_socketfy().



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895914 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Yann Ylavic
2021-12-13 18:07:22 +00:00
parent 10fbb5c3cd
commit 5c49a85c12
2 changed files with 28 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
modules/proxy/mod_proxy.c
View File

@@ -2041,6 +2041,7 @@ static const char *
struct proxy_alias *new; struct proxy_alias *new;
char *f = cmd->path; char *f = cmd->path;
char *r = NULL; char *r = NULL;
const char *real;
char *word; char *word;
apr_table_t *params = apr_table_make(cmd->pool, 5); apr_table_t *params = apr_table_make(cmd->pool, 5);
const apr_array_header_t *arr; const apr_array_header_t *arr;
@@ -2127,6 +2128,10 @@ static const char *
if (r == NULL) { if (r == NULL) {
return "ProxyPass|ProxyPassMatch needs a path when not defined in a location"; return "ProxyPass|ProxyPassMatch needs a path when not defined in a location";
} }
if (!(real = ap_proxy_de_socketfy(cmd->temp_pool, r))) {
return "ProxyPass|ProxyPassMatch uses an invalid \"unix:\" URL";
}
/* if per directory, save away the single alias */ /* if per directory, save away the single alias */
if (cmd->path) { if (cmd->path) {
@@ -2143,7 +2148,7 @@ static const char *
} }
new->fake = apr_pstrdup(cmd->pool, f); new->fake = apr_pstrdup(cmd->pool, f);
new->real = apr_pstrdup(cmd->pool, ap_proxy_de_socketfy(cmd->pool, r)); new->real = apr_pstrdup(cmd->pool, real);
new->flags = flags; new->flags = flags;
if (worker_type & AP_PROXY_WORKER_IS_MATCH) { if (worker_type & AP_PROXY_WORKER_IS_MATCH) {
new->regex = ap_pregcomp(cmd->pool, f, AP_REG_EXTENDED); new->regex = ap_pregcomp(cmd->pool, f, AP_REG_EXTENDED);
@@ -2696,6 +2701,7 @@ static const char *add_member(cmd_parms *cmd, void *dummy, const char *arg)
proxy_worker *worker; proxy_worker *worker;
char *path = cmd->path; char *path = cmd->path;
char *name = NULL; char *name = NULL;
const char *real;
char *word; char *word;
apr_table_t *params = apr_table_make(cmd->pool, 5); apr_table_t *params = apr_table_make(cmd->pool, 5);
const apr_array_header_t *arr; const apr_array_header_t *arr;
@@ -2736,6 +2742,9 @@ static const char *add_member(cmd_parms *cmd, void *dummy, const char *arg)
return "BalancerMember must define balancer name when outside <Proxy > section"; return "BalancerMember must define balancer name when outside <Proxy > section";
if (!name) if (!name)
return "BalancerMember must define remote proxy server"; return "BalancerMember must define remote proxy server";
if (!(real = ap_proxy_de_socketfy(cmd->temp_pool, name))) {
return "BalancerMember uses an invalid \"unix:\" URL";
}
ap_str_tolower(path); /* lowercase scheme://hostname */ ap_str_tolower(path); /* lowercase scheme://hostname */
@@ -2748,8 +2757,7 @@ static const char *add_member(cmd_parms *cmd, void *dummy, const char *arg)
} }
/* Try to find existing worker */ /* Try to find existing worker */
worker = ap_proxy_get_worker(cmd->temp_pool, balancer, conf, worker = ap_proxy_get_worker(cmd->temp_pool, balancer, conf, real);
ap_proxy_de_socketfy(cmd->temp_pool, name));
if (!worker) { if (!worker) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, cmd->server, APLOGNO(01147) ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, cmd->server, APLOGNO(01147)
"Defining worker '%s' for balancer '%s'", "Defining worker '%s' for balancer '%s'",
@@ -2846,9 +2854,14 @@ static const char *
} }
} }
else { else {
const char *real;
if (!(real = ap_proxy_de_socketfy(cmd->temp_pool, name))) {
return "ProxySet uses an invalid \"unix:\" URL";
}
worker = ap_proxy_get_worker_ex(cmd->temp_pool, NULL, conf, worker = ap_proxy_get_worker_ex(cmd->temp_pool, NULL, conf,
ap_proxy_de_socketfy(cmd->temp_pool, name), real, worker_type);
worker_type);
if (!worker) { if (!worker) {
if (in_proxy_section) { if (in_proxy_section) {
err = ap_proxy_define_worker_ex(cmd->pool, &worker, NULL, err = ap_proxy_define_worker_ex(cmd->pool, &worker, NULL,
@@ -2991,9 +3004,14 @@ static const char *proxysection(cmd_parms *cmd, void *mconfig, const char *arg)
} }
} }
else { else {
const char *real;
if (!(real = ap_proxy_de_socketfy(cmd->temp_pool, conf->p))) {
return "<Proxy/ProxyMatch > uses an invalid \"unix:\" URL";
}
worker = ap_proxy_get_worker_ex(cmd->temp_pool, NULL, sconf, worker = ap_proxy_get_worker_ex(cmd->temp_pool, NULL, sconf,
ap_proxy_de_socketfy(cmd->temp_pool, conf->p), real, worker_type);
worker_type);
if (!worker) { if (!worker) {
err = ap_proxy_define_worker_ex(cmd->pool, &worker, NULL, sconf, err = ap_proxy_define_worker_ex(cmd->pool, &worker, NULL, sconf,
conf->p, worker_type); conf->p, worker_type);

3
modules/proxy/proxy_util.c
View File

@@ -1735,6 +1735,9 @@ PROXY_DECLARE(proxy_worker *) ap_proxy_get_worker_ex(apr_pool_t *p,
} }
url = ap_proxy_de_socketfy(p, url); url = ap_proxy_de_socketfy(p, url);
if (!url) {
return NULL;
}
c = ap_strchr_c(url, ':'); c = ap_strchr_c(url, ':');
if (c == NULL || c[1] != '/' || c[2] != '/' || c[3] == '\0') { if (c == NULL || c[1] != '/' || c[2] != '/' || c[3] == '\0') {