www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-08 15:02:10 +03:00
Code Activity

* We need to check for (!scheme && (u = strchr(url, ':')) && (u - url) > 14)

Browse Source 
later as (!scheme || u[0] != '/' || u[1] != '/' || u[2] == '\0') is true
  for requests with the CONNECT method which we need to decline. But in many
  cases requests with the CONNECT method have (u - url) > 14 as in this
  case (u - url) is the length of the FQDN the forward proxy should connect
  to.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1886141 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Ruediger Pluem
2021-02-02 19:50:14 +00:00
parent b09a823c34
commit 8b4d4ab2ed
1 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
modules/proxy/mod_proxy_http.c
View File

@@ -1903,15 +1903,15 @@ static int proxy_http_handler(request_rec *r, proxy_worker *worker,
is_ssl = 0;
}
if (!scheme || u[0] != '/' || u[1] != '/' || u[2] == '\0') {
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01113)
"HTTP: declining URL %s", url);
return DECLINED; /* only interested in HTTP, WS or FTP via proxy */
}
if (!scheme && (u = strchr(url, ':')) && (u - url) > 14) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10262)
"overlong proxy URL scheme in %s", url);
return HTTP_BAD_REQUEST;
}
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01113)
"HTTP: declining URL %s", url);
return DECLINED; /* only interested in HTTP, WS or FTP via proxy */
}
if (is_ssl && !ap_proxy_ssl_enable(NULL)) {
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01112)
"HTTP: declining URL %s (mod_ssl not configured?)", url);