Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP7:GA
apache2.36090
apache2-CVE-2023-25690.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File apache2-CVE-2023-25690.patch of Package apache2.36090
From d78a166fedd9d02c23e4b71d5f53bd9b2c4b9a51 Mon Sep 17 00:00:00 2001 From: Eric Covener <covener@apache.org> Date: Sun, 5 Mar 2023 20:27:11 +0000 Subject: [PATCH] don't forward invalid query strings Submitted by: rpluem git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908095 13f79535-47bb-0310-9956-ffa450edef68 --- docs/log-message-tags/next-number | 2 +- modules/http2/mod_proxy_http2.c | 10 ++++++++++ modules/mappers/mod_rewrite.c | 22 ++++++++++++++++++++++ modules/proxy/mod_proxy_ajp.c | 10 ++++++++++ modules/proxy/mod_proxy_balancer.c | 10 ++++++++++ modules/proxy/mod_proxy_http.c | 10 ++++++++++ modules/proxy/mod_proxy_wstunnel.c | 10 ++++++++++ 7 files changed, 73 insertions(+), 1 deletion(-) Index: httpd-2.4.51/modules/http2/mod_proxy_http2.c =================================================================== --- httpd-2.4.51.orig/modules/http2/mod_proxy_http2.c +++ httpd-2.4.51/modules/http2/mod_proxy_http2.c @@ -158,6 +158,16 @@ static int proxy_http2_canon(request_rec path = ap_proxy_canonenc(r->pool, url, (int)strlen(url), enc_path, 0, r->proxyreq); search = r->args; + if (search && *(ap_scan_vchar_obstext(search))) { + /* + * We have a raw control character or a ' ' in r->args. + * Correct encoding was missed. + */ + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO() + "To be forwarded query string contains control " + "characters or spaces"); + return HTTP_FORBIDDEN; + } } break; case PROXYREQ_PROXY: Index: httpd-2.4.51/modules/mappers/mod_rewrite.c =================================================================== --- httpd-2.4.51.orig/modules/mappers/mod_rewrite.c +++ httpd-2.4.51/modules/mappers/mod_rewrite.c @@ -4703,6 +4703,17 @@ static int hook_uri2file(request_rec *r) unsigned skip; apr_size_t flen; + if (r->args && *(ap_scan_vchar_obstext(r->args))) { + /* + * We have a raw control character or a ' ' in r->args. + * Correct encoding was missed. + */ + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10410) + "Rewritten query string contains control " + "characters or spaces"); + return HTTP_FORBIDDEN; + } + if (ACTION_STATUS == rulestatus) { int n = r->status; @@ -4987,6 +4998,17 @@ static int hook_fixup(request_rec *r) if (rulestatus) { unsigned skip; + if (r->args && *(ap_scan_vchar_obstext(r->args))) { + /* + * We have a raw control character or a ' ' in r->args. + * Correct encoding was missed. + */ + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10411) + "Rewritten query string contains control " + "characters or spaces"); + return HTTP_FORBIDDEN; + } + if (ACTION_STATUS == rulestatus) { int n = r->status; Index: httpd-2.4.51/modules/proxy/mod_proxy_ajp.c =================================================================== --- httpd-2.4.51.orig/modules/proxy/mod_proxy_ajp.c +++ httpd-2.4.51/modules/proxy/mod_proxy_ajp.c @@ -69,6 +69,16 @@ static int proxy_ajp_canon(request_rec * path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0, r->proxyreq); search = r->args; + if (search && *(ap_scan_vchar_obstext(search))) { + /* + * We have a raw control character or a ' ' in r->args. + * Correct encoding was missed. + */ + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10406) + "To be forwarded query string contains control " + "characters or spaces"); + return HTTP_FORBIDDEN; + } } if (path == NULL) return HTTP_BAD_REQUEST; Index: httpd-2.4.51/modules/proxy/mod_proxy_balancer.c =================================================================== --- httpd-2.4.51.orig/modules/proxy/mod_proxy_balancer.c +++ httpd-2.4.51/modules/proxy/mod_proxy_balancer.c @@ -106,6 +106,16 @@ static int proxy_balancer_canon(request_ path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0, r->proxyreq); search = r->args; + if (search && *(ap_scan_vchar_obstext(search))) { + /* + * We have a raw control character or a ' ' in r->args. + * Correct encoding was missed. + */ + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10407) + "To be forwarded query string contains control " + "characters or spaces"); + return HTTP_FORBIDDEN; + } } if (path == NULL) return HTTP_BAD_REQUEST; Index: httpd-2.4.51/modules/proxy/mod_proxy_http.c =================================================================== --- httpd-2.4.51.orig/modules/proxy/mod_proxy_http.c +++ httpd-2.4.51/modules/proxy/mod_proxy_http.c @@ -125,6 +125,16 @@ static int proxy_http_canon(request_rec path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0, r->proxyreq); search = r->args; + if (search && *(ap_scan_vchar_obstext(search))) { + /* + * We have a raw control character or a ' ' in r->args. + * Correct encoding was missed. + */ + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10408) + "To be forwarded query string contains control " + "characters or spaces"); + return HTTP_FORBIDDEN; + } } break; case PROXYREQ_PROXY: Index: httpd-2.4.51/modules/proxy/mod_proxy_wstunnel.c =================================================================== --- httpd-2.4.51.orig/modules/proxy/mod_proxy_wstunnel.c +++ httpd-2.4.51/modules/proxy/mod_proxy_wstunnel.c @@ -114,6 +114,16 @@ static int proxy_wstunnel_canon(request_ path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0, r->proxyreq); search = r->args; + if (search && *(ap_scan_vchar_obstext(search))) { + /* + * We have a raw control character or a ' ' in r->args. + * Correct encoding was missed. + */ + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10409) + "To be forwarded query string contains control " + "characters or spaces"); + return HTTP_FORBIDDEN; + } } if (path == NULL) return HTTP_BAD_REQUEST;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
