www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-08 15:02:10 +03:00
Code Activity

don't forward invalid query strings

Browse Source 
Submitted by: rpluem


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908095 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Eric Covener
2023-03-05 20:27:11 +00:00
parent a47ee08073
commit d78a166fed
7 changed files with 73 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
modules/proxy/mod_proxy_balancer.c
View File

@@ -110,6 +110,16 @@ static int proxy_balancer_canon(request_rec *r, char *url)
path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
r->proxyreq);
search = r->args;
if (search && *(ap_scan_vchar_obstext(search))) {
/*
* We have a raw control character or a ' ' in r->args.
* Correct encoding was missed.
*/
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10407)
"To be forwarded query string contains control "
"characters or spaces");
return HTTP_FORBIDDEN;
}
}
if (path == NULL)
return HTTP_BAD_REQUEST;