File apache2-CVE-2024-38473-4.patch of Package apache2.36090
From 4326d6b9041a3bcb9b529f9163d0761c2d760700 Mon Sep 17 00:00:00 2001
From: Yann Ylavic <ylavic@apache.org>
Date: Wed, 26 Jun 2024 14:56:47 +0000
Subject: [PATCH] factor out IS_SLASH, perdir fix in per-dir, the filename will be internally redirected, so / is OK too. don't add / to / in the non-perdir match AP_IS_SLASH macro followup to 1918651 Merges r1918651, r1918652, r1918663 from trunk Reviewed by: covener, ylavic, rpluem GH: close #458 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1918668 13f79535-47bb-0310-9956-ffa450edef68
---
 include/ap_mmn.h | 3 ++-
 include/httpd.h | 11 +++++++++++
 modules/mappers/mod_rewrite.c | 11 ++++-------
 server/util.c | 31 ++++++++++---------------------
 4 files changed, 27 insertions(+), 29 deletions(-)
Index: httpd-2.4.51/include/httpd.h
===================================================================
--- httpd-2.4.51.orig/include/httpd.h
+++ httpd-2.4.51/include/httpd.h
@@ -2597,6 +2597,17 @@ AP_DECLARE(const char *)ap_dir_fnmatch(a
 */
 AP_DECLARE(int) ap_is_chunked(apr_pool_t *p, const char *line);
+/* Win32/NetWare/OS2 need to check for both forward and back slashes
+ * in ap_normalize_path() and ap_escape_url().
+ */
+#ifdef CASE_BLIND_FILESYSTEM
+#define AP_IS_SLASH(s) ((s == '/') || (s == '\\'))
+#define AP_SLASHES "/\\"
+#else
+#define AP_IS_SLASH(s) (s == '/')
+#define AP_SLASHES "/"
+#endif
+
 #ifdef __cplusplus
 }
 #endif
Index: httpd-2.4.51/modules/mappers/mod_rewrite.c
===================================================================
--- httpd-2.4.51.orig/modules/mappers/mod_rewrite.c
+++ httpd-2.4.51/modules/mappers/mod_rewrite.c
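Review bot: `AP_IS_SLASH(s)` in the added httpd.h block uses its argument unparenthesized, and the CASE_BLIND_FILESYSTEM variant expands it twice; that was tolerable for a file-local helper in server/util.c but is fragile in a public header that other modules include. The mod_rewrite-local macro this patch deletes did parenthesize its argument, so I would keep that form here, `#define AP_IS_SLASH(s) (((s) == '/') || ((s) == '\\'))` and `#define AP_IS_SLASH(s) ((s) == '/')`, and state in the comment that the argument must have no side effects. The comment was moved verbatim from util.c and still names only ap_normalize_path() and ap_escape_url(), although mod_rewrite now uses the macro as well. The diffstat lists include/ap_mmn.h, but no section for that file appears in the patch as shown, so it is worth confirming that dropping the module magic number change was deliberate in this backport.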
@@ -644,14 +644,11 @@ static unsigned is_absolute_uri(char *ur
 static int is_absolute_path(const char *path)
 {
-#ifndef WIN32
+#ifndef CASE_BLIND_FILESYSTEM
 return (path[0] == '/');
 #else
-#define IS_SLASH(c) ((c) == '/' || (c) == '\\')
- /* "//", "\\", "x:/" and "x:\" are absolute paths on Windows */
- return ((IS_SLASH(path[0]) && path[1] == path[0])
- || (apr_isalpha(path[0]) && path[1] == ':' && IS_SLASH(path[2])));
-#undef IS_SLASH
+ return ((AP_IS_SLASH(path[0]) && path[1] == path[0])
+ || (apr_isalpha(path[0]) && path[1] == ':' && AP_IS_SLASH(path[2])));
 #endif
 }
@@ -4300,11 +4297,11 @@ static rule_return_type apply_rewrite_ru
 */
 if (!is_proxyreq
 && !is_absolute_path(newuri)
+ && !AP_IS_SLASH(*newuri)
 && !is_absolute_uri(newuri, NULL)) {
 if (ctx->perdir) {
 rewritelog((r, 3, ctx->perdir, "add per-dir prefix: %s -> %s%s", newuri, ctx->perdir, newuri));
-
 newuri = apr_pstrcat(r->pool, ctx->perdir, newuri, NULL);
 }
 else if (!(p->flags & (RULEFLAG_PROXY | RULEFLAG_FORCEREDIRECT))) {
Index: httpd-2.4.51/server/util.c
===================================================================
--- httpd-2.4.51.orig/server/util.c
+++ httpd-2.4.51/server/util.c
@@ -75,17 +75,6 @@
 */
 #include "test_char.h"
-/* Win32/NetWare/OS2 need to check for both forward and back slashes
- * in ap_normalize_path() and ap_escape_url().
- */
-#ifdef CASE_BLIND_FILESYSTEM
-#define IS_SLASH(s) ((s == '/') || (s == '\\'))
-#define SLASHES "/\\"
-#else
-#define IS_SLASH(s) (s == '/')
-#define SLASHES "/"
-#endif
-
 /* we know core's module_index is 0 */
 #undef APLOG_MODULE_INDEX
 #define APLOG_MODULE_INDEX AP_CORE_MODULE_INDEX
@@ -494,7 +483,7 @@ AP_DECLARE(apr_status_t) ap_pregsub_ex(a
 /* Forward declare */
 static char x2c(const char *what);
-#define IS_SLASH_OR_NUL(s) (s == '\0' || IS_SLASH(s))
+#define IS_SLASH_OR_NUL(s) (s == '\0' || AP_IS_SLASH(s))
 /*
 * Inspired by mod_jk's jk_servlet_normalize().
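Review bot: The `#else` branch of is_absolute_path() loses its only explanation, because the removed comment `/* "//", "\\", "x:/" and "x:\" are absolute paths on Windows */` is not replaced. That matters more now that the guard is `CASE_BLIND_FILESYSTEM` instead of `WIN32`: per the comment moved into httpd.h this also covers NetWare and OS/2, so the drive-letter rule applies on more builds than before. I would restore the comment in adjusted form, for example `/* "//", "\\", "x:/" and "x:\" are absolute on case-blind filesystems; a single leading slash is checked by the caller */`. `path[1] == path[0]` accepts only a doubled identical separator, so a mixed pair such as `/\` is not treated as absolute here; if that is intended, the same comment should say so.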
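Review bot: The added `&& !AP_IS_SLASH(*newuri)` in apply_rewrite_rule() needs a comment, because next to `!is_absolute_path(newuri)` it reads as redundant: without CASE_BLIND_FILESYSTEM both test whether the first character is `/`, and only on case-blind builds does the new term add anything (a single leading `/` or `\`, which is_absolute_path() does not accept there). The rationale exists only in the commit message (per-dir results are redirected internally, and the non-per-dir branch must not prepend `/` to `/`); a line such as `/* a leading slash is already rooted: never prepend the per-dir prefix or another '/' */` above the term would keep a later cleanup from removing it. The block comment that ends just above the `if` starts outside the hunk, so its list of conditions should be checked against the four terms now present. Because this condition decides which filesystem prefix a substitution receives, a regression test covering a substitution that starts with a single slash, and one with a backslash on case-blind builds, belongs with the fix. The function body continues beyond both ends of the hunk.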
@@ -505,7 +494,7 @@ AP_DECLARE(int) ap_normalize_path(char *
 apr_size_t l = 1, w = 1, n;
 int decode_unreserved = (flags & AP_NORMALIZE_DECODE_UNRESERVED) != 0;
- if (!IS_SLASH(path[0])) {
+ if (!AP_IS_SLASH(path[0])) {
 /* Besides "OPTIONS *", a request-target should start with '/'
 * per RFC 7230 section 5.3, so anything else is invalid.
 */
@@ -546,12 +535,12 @@ AP_DECLARE(int) ap_normalize_path(char *
 }
 }
- if (w == 0 || IS_SLASH(path[w - 1])) {
+ if (w == 0 || AP_IS_SLASH(path[w - 1])) {
 /* Collapse ///// sequences to / */
- if ((flags & AP_NORMALIZE_MERGE_SLASHES) && IS_SLASH(path[l])) {
+ if ((flags & AP_NORMALIZE_MERGE_SLASHES) && AP_IS_SLASH(path[l])) {
 do {
 l++;
- } while (IS_SLASH(path[l]));
+ } while (AP_IS_SLASH(path[l]));
 continue;
 }
@@ -580,7 +569,7 @@ AP_DECLARE(int) ap_normalize_path(char *
 if (w > 1) {
 do {
 w--;
- } while (w && !IS_SLASH(path[w - 1]));
+ } while (w && !AP_IS_SLASH(path[w - 1]));
 }
 else {
 /* Already at root, ignore and return a failure
@@ -1916,7 +1905,7 @@ static int unescape_url(char *url, const
 char decoded;
 decoded = x2c(y + 1);
 if ((decoded == '\0')
- || (forbid_slashes && IS_SLASH(decoded))
+ || (forbid_slashes && AP_IS_SLASH(decoded))
 || (forbid && ap_strchr_c(forbid, decoded))) {
 badpath = 1;
 *x = decoded;
@@ -1924,7 +1913,7 @@ static int unescape_url(char *url, const
 }
 else if ((keep_unreserved && TEST_CHAR(decoded, T_URI_UNRESERVED))
- || (keep_slashes && IS_SLASH(decoded))
+ || (keep_slashes && AP_IS_SLASH(decoded))
 || (reserved && ap_strchr_c(reserved, decoded))) {
 *x++ = *y++;
 *x++ = *y++;
@@ -1951,7 +1940,7 @@ static int unescape_url(char *url, const
 AP_DECLARE(int) ap_unescape_url(char *url)
 {
 /* Traditional */
- return unescape_url(url, SLASHES, NULL, 0);
+ return unescape_url(url, AP_SLASHES, NULL, 0);
 }
 AP_DECLARE(int) ap_unescape_url_keep2f(char *url, int decode_slashes)
 {
@@ -1961,7 +1950,7 @@ AP_DECLARE(int) ap_unescape_url_keep2f(c
 return unescape_url(url, NULL, NULL, 0);
 } else {
 /* reserve (do not decode) encoded slashes */
- return unescape_url(url, NULL, SLASHES, 0);
+ return unescape_url(url, NULL, AP_SLASHES, 0);
 }
 }
 AP_DECLARE(int) ap_unescape_url_ex(char *url, unsigned int flags)