From 8b4d4ab2edae58ca02490d50f6488185fa68d914 Mon Sep 17 00:00:00 2001 From: Ruediger Pluem Date: Tue, 2 Feb 2021 19:50:14 +0000 Subject: [PATCH] * We need to check for (!scheme && (u = strchr(url, ':')) && (u - url) > 14) later as (!scheme || u[0] != '/' || u[1] != '/' || u[2] == '\0') is true for requests with the CONNECT method which we need to decline. But in many cases requests with the CONNECT method have (u - url) > 14 as in this case (u - url) is the length of the FQDN the forward proxy should connect to. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1886141 13f79535-47bb-0310-9956-ffa450edef68 --- modules/proxy/mod_proxy_http.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c index f5d6fe24f2..637fc87609 100644 --- a/modules/proxy/mod_proxy_http.c +++ b/modules/proxy/mod_proxy_http.c @@ -1903,15 +1903,15 @@ static int proxy_http_handler(request_rec *r, proxy_worker *worker, is_ssl = 0; } if (!scheme || u[0] != '/' || u[1] != '/' || u[2] == '\0') { - if (!scheme && (u = strchr(url, ':')) && (u - url) > 14) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10262) - "overlong proxy URL scheme in %s", url); - return HTTP_BAD_REQUEST; - } ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01113) "HTTP: declining URL %s", url); return DECLINED; /* only interested in HTTP, WS or FTP via proxy */ } + if (!scheme && (u = strchr(url, ':')) && (u - url) > 14) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10262) + "overlong proxy URL scheme in %s", url); + return HTTP_BAD_REQUEST; + } if (is_ssl && !ap_proxy_ssl_enable(NULL)) { ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01112) "HTTP: declining URL %s (mod_ssl not configured?)", url);