diff options
Diffstat (limited to 'www/apache22/patches/patch-modules_proxy_mod_proxy.c')
-rw-r--r-- | www/apache22/patches/patch-modules_proxy_mod_proxy.c | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/www/apache22/patches/patch-modules_proxy_mod_proxy.c b/www/apache22/patches/patch-modules_proxy_mod_proxy.c new file mode 100644 index 00000000000..e088a60b1c6 --- /dev/null +++ b/www/apache22/patches/patch-modules_proxy_mod_proxy.c @@ -0,0 +1,35 @@ +$NetBSD: patch-modules_proxy_mod_proxy.c,v 1.1.2.2 2011/12/14 02:43:13 sbd Exp $ + +revision 1209432 from http://svn.apache.org/: + Fix for additional cases of URL rewriting with ProxyPassMatch or + RewriteRule, where particular request-URIs could result in undesired + backend network exposure in some configurations. (CVE-2011-4317) + + Thanks to Prutha Parikh from Qualys for reporting this issue. + + * modules/proxy/mod_proxy.c (proxy_trans): Decline to handle the "*" + request-URI. Fail for cases where r->uri does not begin with a "/". + + * modules/mappers/mod_rewrite.c (hook_uri2file): Likewise. + +--- modules/proxy/mod_proxy.c.orig 2010-10-07 18:51:18.000000000 +0000 ++++ modules/proxy/mod_proxy.c +@@ -566,6 +566,18 @@ static int proxy_trans(request_rec *r) + return OK; + } + ++ if (strcmp(r->unparsed_uri, "*") == 0) { ++ /* "*" cannot be proxied. */ ++ return DECLINED; ++ } ++ ++ /* Check that the URI is valid. */ ++ if (!r->uri || r->uri[0] != '/') { ++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, ++ "Invalid URI in request %s", r->the_request); ++ return HTTP_BAD_REQUEST; ++ } ++ + /* XXX: since r->uri has been manipulated already we're not really + * compliant with RFC1945 at this point. But this probably isn't + * an issue because this is a hybrid proxy/origin server. |