don't forward invalid query strings
Submitted by: rpluem git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908095 13f79535-47bb-0310-9956-ffa450edef68
@@ -1 +1 @@
|
|||||||
10406
|
10412
|
||||||
|
@@ -162,6 +162,16 @@ static int proxy_http2_canon(request_rec *r, char *url)
|
|||||||
path = ap_proxy_canonenc(r->pool, url, (int)strlen(url),
|
path = ap_proxy_canonenc(r->pool, url, (int)strlen(url),
|
||||||
enc_path, 0, r->proxyreq);
|
enc_path, 0, r->proxyreq);
|
||||||
search = r->args;
|
search = r->args;
|
||||||
|
if (search && *(ap_scan_vchar_obstext(search))) {
|
||||||
|
/*
|
||||||
|
* We have a raw control character or a ' ' in r->args.
|
||||||
|
* Correct encoding was missed.
|
||||||
|
*/
|
||||||
|
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO()
|
||||||
|
"To be forwarded query string contains control "
|
||||||
|
"characters or spaces");
|
||||||
|
return HTTP_FORBIDDEN;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case PROXYREQ_PROXY:
|
case PROXYREQ_PROXY:
|
||||||
|
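Review bot: The ap_log_rerror() call added to proxy_http2_canon uses `APLOGNO()` with no number, while the same message in the other proxy handlers of this commit carries 10406 through 10409 and the counter in the first hunk moves from 10406 to 10412. An untagged message is harder to match in log monitoring and alert rules than its numbered siblings, so this site should get its own tag, e.g. `APLOGNO(NNNNN)` where NNNNN stands for the next free number from the counter. If the empty tag is deliberate, a one-line comment saying why would help the next reader. The function body starts and ends outside the hunk.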
@@ -4794,6 +4794,17 @@ static int hook_uri2file(request_rec *r)
|
|||||||
apr_size_t flen;
|
apr_size_t flen;
|
||||||
int to_proxyreq;
|
int to_proxyreq;
|
||||||
|
|
||||||
|
if (r->args && *(ap_scan_vchar_obstext(r->args))) {
|
||||||
|
/*
|
||||||
|
* We have a raw control character or a ' ' in r->args.
|
||||||
|
* Correct encoding was missed.
|
||||||
|
*/
|
||||||
|
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10410)
|
||||||
|
"Rewritten query string contains control "
|
||||||
|
"characters or spaces");
|
||||||
|
return HTTP_FORBIDDEN;
|
||||||
|
}
|
||||||
|
|
||||||
if (ACTION_STATUS == rulestatus) {
|
if (ACTION_STATUS == rulestatus) {
|
||||||
int n = r->status;
|
int n = r->status;
|
||||||
|
|
||||||
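Review bot: The comment line `Correct encoding was missed.` in the block added to hook_uri2file does not say what produced the bad query string or what an administrator should change when the 403 shows up. From the visible lines the check is not tied to `to_proxyreq`, so it appears to reject any rewritten request whose r->args holds a raw control character or space, proxied or not; the enclosing condition is outside the hunk, so this needs confirming. I would replace that comment line with `* A rule put an unencoded character into the query string; reject the request instead of passing it on.` and point to escaping of backreferences (the B flag) in the module documentation. The identical block in hook_fixup (hunk at -5092) needs the same wording.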
@@ -5092,6 +5103,17 @@ static int hook_fixup(request_rec *r)
|
|||||||
if (rulestatus) {
|
if (rulestatus) {
|
||||||
unsigned skip;
|
unsigned skip;
|
||||||
|
|
||||||
|
if (r->args && *(ap_scan_vchar_obstext(r->args))) {
|
||||||
|
/*
|
||||||
|
* We have a raw control character or a ' ' in r->args.
|
||||||
|
* Correct encoding was missed.
|
||||||
|
*/
|
||||||
|
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10411)
|
||||||
|
"Rewritten query string contains control "
|
||||||
|
"characters or spaces");
|
||||||
|
return HTTP_FORBIDDEN;
|
||||||
|
}
|
||||||
|
|
||||||
if (ACTION_STATUS == rulestatus) {
|
if (ACTION_STATUS == rulestatus) {
|
||||||
int n = r->status;
|
int n = r->status;
|
||||||
|
|
||||||
|
@@ -73,6 +73,16 @@ static int proxy_ajp_canon(request_rec *r, char *url)
|
|||||||
path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
|
path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
|
||||||
r->proxyreq);
|
r->proxyreq);
|
||||||
search = r->args;
|
search = r->args;
|
||||||
|
if (search && *(ap_scan_vchar_obstext(search))) {
|
||||||
|
/*
|
||||||
|
* We have a raw control character or a ' ' in r->args.
|
||||||
|
* Correct encoding was missed.
|
||||||
|
*/
|
||||||
|
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10406)
|
||||||
|
"To be forwarded query string contains control "
|
||||||
|
"characters or spaces");
|
||||||
|
return HTTP_FORBIDDEN;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
if (path == NULL)
|
if (path == NULL)
|
||||||
return HTTP_BAD_REQUEST;
|
return HTTP_BAD_REQUEST;
|
||||||
|
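Review bot: The check added to proxy_ajp_canon is followed directly by a closing `}`, so it sits inside one branch of a conditional whose other branch is outside the hunk; a request taking that other branch is not shown to have its query string validated. proxy_balancer_canon and proxy_wstunnel_canon have the same placement, and in proxy_http_canon and proxy_http2_canon the block ends just before `break;` with `case PROXYREQ_PROXY:` following, so the forward-proxy case is not visibly covered either. Please confirm that the uncovered branches never forward r->args, or give them an equivalent check. If they are exempt on purpose, a comment at the check such as `/* query string is validated on this branch only */` would record that decision.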
@@ -110,6 +110,16 @@ static int proxy_balancer_canon(request_rec *r, char *url)
|
|||||||
path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
|
path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
|
||||||
r->proxyreq);
|
r->proxyreq);
|
||||||
search = r->args;
|
search = r->args;
|
||||||
|
if (search && *(ap_scan_vchar_obstext(search))) {
|
||||||
|
/*
|
||||||
|
* We have a raw control character or a ' ' in r->args.
|
||||||
|
* Correct encoding was missed.
|
||||||
|
*/
|
||||||
|
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10407)
|
||||||
|
"To be forwarded query string contains control "
|
||||||
|
"characters or spaces");
|
||||||
|
return HTTP_FORBIDDEN;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
if (path == NULL)
|
if (path == NULL)
|
||||||
return HTTP_BAD_REQUEST;
|
return HTTP_BAD_REQUEST;
|
||||||
|
@@ -126,6 +126,16 @@ static int proxy_http_canon(request_rec *r, char *url)
|
|||||||
path = ap_proxy_canonenc(r->pool, url, strlen(url),
|
path = ap_proxy_canonenc(r->pool, url, strlen(url),
|
||||||
enc_path, 0, r->proxyreq);
|
enc_path, 0, r->proxyreq);
|
||||||
search = r->args;
|
search = r->args;
|
||||||
|
if (search && *(ap_scan_vchar_obstext(search))) {
|
||||||
|
/*
|
||||||
|
* We have a raw control character or a ' ' in r->args.
|
||||||
|
* Correct encoding was missed.
|
||||||
|
*/
|
||||||
|
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10408)
|
||||||
|
"To be forwarded query string contains control "
|
||||||
|
"characters or spaces");
|
||||||
|
return HTTP_FORBIDDEN;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case PROXYREQ_PROXY:
|
case PROXYREQ_PROXY:
|
||||||
|
@@ -203,6 +203,16 @@ static int proxy_wstunnel_canon(request_rec *r, char *url)
|
|||||||
path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
|
path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
|
||||||
r->proxyreq);
|
r->proxyreq);
|
||||||
search = r->args;
|
search = r->args;
|
||||||
|
if (search && *(ap_scan_vchar_obstext(search))) {
|
||||||
|
/*
|
||||||
|
* We have a raw control character or a ' ' in r->args.
|
||||||
|
* Correct encoding was missed.
|
||||||
|
*/
|
||||||
|
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10409)
|
||||||
|
"To be forwarded query string contains control "
|
||||||
|
"characters or spaces");
|
||||||
|
return HTTP_FORBIDDEN;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
if (path == NULL)
|
if (path == NULL)
|
||||||
return HTTP_BAD_REQUEST;
|
return HTTP_BAD_REQUEST;
|
||||||
|