Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:Update
apache2
apache2-CVE-2024-38473-4.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File apache2-CVE-2024-38473-4.patch of Package apache2
From 4326d6b9041a3bcb9b529f9163d0761c2d760700 Mon Sep 17 00:00:00 2001 From: Yann Ylavic <ylavic@apache.org> Date: Wed, 26 Jun 2024 14:56:47 +0000 Subject: [PATCH] factor out IS_SLASH, perdir fix in per-dir, the filename will be internally redirected, so / is OK too. don't add / to / in the non-perdir match AP_IS_SLASH macro followup to 1918651 Merges r1918651, r1918652, r1918663 from trunk Reviewed by: covener, ylavic, rpluem GH: close #458 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1918668 13f79535-47bb-0310-9956-ffa450edef68 --- include/ap_mmn.h | 3 ++- include/httpd.h | 11 +++++++++++ modules/mappers/mod_rewrite.c | 11 ++++------- server/util.c | 31 ++++++++++--------------------- 4 files changed, 27 insertions(+), 29 deletions(-) Index: httpd-2.4.23/include/httpd.h =================================================================== --- httpd-2.4.23.orig/include/httpd.h +++ httpd-2.4.23/include/httpd.h @@ -2453,6 +2453,17 @@ AP_DECLARE(int) ap_cstr_casecmp(const ch */ AP_DECLARE(int) ap_cstr_casecmpn(const char *s1, const char *s2, apr_size_t n); +/* Win32/NetWare/OS2 need to check for both forward and back slashes + * in ap_normalize_path() and ap_escape_url(). + */ +#ifdef CASE_BLIND_FILESYSTEM +#define AP_IS_SLASH(s) ((s == '/') || (s == '\\')) +#define AP_SLASHES "/\\" +#else +#define AP_IS_SLASH(s) (s == '/') +#define AP_SLASHES "/" +#endif + #ifdef __cplusplus } #endif Index: httpd-2.4.23/modules/mappers/mod_rewrite.c =================================================================== --- httpd-2.4.23.orig/modules/mappers/mod_rewrite.c +++ httpd-2.4.23/modules/mappers/mod_rewrite.c @@ -635,14 +635,11 @@ static unsigned is_absolute_uri(char *ur static int is_absolute_path(const char *path) { -#ifndef WIN32 +#ifndef CASE_BLIND_FILESYSTEM return (path[0] == '/'); #else -#define IS_SLASH(c) ((c) == '/' || (c) == '\\') - /* "//", "\\", "x:/" and "x:\" are absolute paths on Windows */ - return ((IS_SLASH(path[0]) && path[1] == path[0]) - || (apr_isalpha(path[0]) && path[1] == ':' && IS_SLASH(path[2]))); -#undef IS_SLASH + return ((AP_IS_SLASH(path[0]) && path[1] == path[0]) + || (apr_isalpha(path[0]) && path[1] == ':' && AP_IS_SLASH(path[2]))); #endif } @@ -4237,11 +4234,11 @@ static rule_return_type apply_rewrite_ru */ if (!is_proxyreq && !is_absolute_path(newuri) + && !AP_IS_SLASH(*newuri) && !is_absolute_uri(newuri, NULL)) { if (ctx->perdir) { rewritelog((r, 3, ctx->perdir, "add per-dir prefix: %s -> %s%s", newuri, ctx->perdir, newuri)); - newuri = apr_pstrcat(r->pool, ctx->perdir, newuri, NULL); } else if (!(p->flags & (RULEFLAG_PROXY | RULEFLAG_FORCEREDIRECT))) {
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor