www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-08 15:02:10 +03:00
Code Activity

mod_proxy: Follow up to r1892814.

Browse Source 
* modules/proxy/proxy_util.c(fix_uds_filename):
  Sanity checks on the configured UDS path, fail with 500 if invalid since
  continuing through proxy processing wouldn't work as expected.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1892986 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Yann Ylavic
2021-09-06 11:06:53 +00:00
parent 9c8178f7b7
commit fe32f679f4
1 changed files with 34 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
modules/proxy/proxy_util.c
View File

@@ -2268,33 +2268,42 @@ static int ap_proxy_retry_worker(const char *proxy_function, proxy_worker *worke
* were passed a UDS url (eg: from mod_proxy) and adjust uds_path * were passed a UDS url (eg: from mod_proxy) and adjust uds_path
* as required. * as required.
*/ */
static void fix_uds_filename(request_rec *r, char **url) static int fix_uds_filename(request_rec *r, char **url)
{ {
char *ptr, *ptr2; char *uds_url = r->filename + 6, *origin_url;
if (!r || !r->filename) return;
if (!strncmp(r->filename, "proxy:", 6) && if (!strncmp(r->filename, "proxy:", 6) &&
!ap_cstr_casecmpn(r->filename + 6, "unix:", 5) && !ap_cstr_casecmpn(uds_url, "unix:", 5) &&
(ptr2 = r->filename + 6 + 5, ptr = ap_strchr(ptr2, '|'))) { (origin_url = ap_strchr(uds_url + 5, '|'))) {
char *uds_path = NULL;
apr_size_t url_len;
apr_uri_t urisock; apr_uri_t urisock;
apr_status_t rv; apr_status_t rv;
*ptr = '\0';
rv = apr_uri_parse(r->pool, ptr2, &urisock); *origin_url = '\0';
if (rv == APR_SUCCESS) { rv = apr_uri_parse(r->pool, uds_url, &urisock);
char *rurl = ptr+1; *origin_url++ = '|';
char *sockpath = ap_runtime_dir_relative(r->pool, urisock.path);
apr_table_setn(r->notes, "uds_path", sockpath); if (rv == APR_SUCCESS && urisock.path && !urisock.hostname) {
*url = apr_pstrdup(r->pool, rurl); /* so we get the scheme for the uds */ uds_path = ap_runtime_dir_relative(r->pool, urisock.path);
/* r->filename starts w/ "proxy:", so add after that */
memmove(r->filename+6, rurl, strlen(rurl)+1);
ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
"*: rewrite of url due to UDS(%s): %s (%s)",
sockpath, *url, r->filename);
} }
else { if (!uds_path) {
*ptr = '|'; ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO()
"Invalid proxy UDS filename (%s)", r->filename);
return 0;
} }
apr_table_setn(r->notes, "uds_path", uds_path);
/* Remove the UDS path from *url and r->filename */
url_len = strlen(origin_url);
*url = apr_pstrmemdup(r->pool, origin_url, url_len);
memcpy(uds_url, *url, url_len + 1);
ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
"*: rewrite of url due to UDS(%s): %s (%s)",
uds_path, *url, r->filename);
} }
return 1;
} }
PROXY_DECLARE(int) ap_proxy_pre_request(proxy_worker **worker, PROXY_DECLARE(int) ap_proxy_pre_request(proxy_worker **worker,
@@ -2312,7 +2321,9 @@ PROXY_DECLARE(int) ap_proxy_pre_request(proxy_worker **worker,
"%s: found worker %s for %s", "%s: found worker %s for %s",
(*worker)->s->scheme, (*worker)->s->name, *url); (*worker)->s->scheme, (*worker)->s->name, *url);
*balancer = NULL; *balancer = NULL;
fix_uds_filename(r, url); if (!fix_uds_filename(r, url)) {
return HTTP_INTERNAL_SERVER_ERROR;
}
access_status = OK; access_status = OK;
} }
else if (r->proxyreq == PROXYREQ_PROXY) { else if (r->proxyreq == PROXYREQ_PROXY) {
@@ -2343,7 +2354,9 @@ PROXY_DECLARE(int) ap_proxy_pre_request(proxy_worker **worker,
* regarding the Connection header in the request. * regarding the Connection header in the request.
*/ */
apr_table_setn(r->subprocess_env, "proxy-nokeepalive", "1"); apr_table_setn(r->subprocess_env, "proxy-nokeepalive", "1");
fix_uds_filename(r, url); if (!fix_uds_filename(r, url)) {
return HTTP_INTERNAL_SERVER_ERROR;
}
} }
} }
} }