File apache2-CVE-2024-38473-2.patch of Package apache2
From 6b8e043ce4f27114e6ae1b8176b629b7cb3fbbce Mon Sep 17 00:00:00 2001 From: Yann Ylavic <ylavic@apache.org> Date: Wed, 26 Jun 2024 14:51:32 +0000 Subject: [PATCH] mod_proxy: Fixup UDS filename for mod_proxy called through r->handler. * modules/proxy/proxy_util.c: Export ap_proxy_fixup_uds_filename() from fix_uds_filename. Call it from ap_proxy_pre_request() even for rewritten balancer workers. * modules/proxy/mod_proxy.h: Declare ap_proxy_fixup_uds_filename() * modules/proxy/mod_proxy.c: Fixup UDS filename from r->handler in proxy_handler(). * include/ap_mmn.h: Bump MMN minor for ap_proxy_fixup_uds_filename() mod_proxy: follow up to r1918626: Simplify ap_proxy_fixup_uds_filename() and callers. Merges r1918626, r1918647 from trunk GH: closes #457 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1918666 13f79535-47bb-0310-9956-ffa450edef68 --- include/ap_mmn.h | 3 ++- modules/proxy/mod_proxy.c | 33 ++++++++++++++++++------------ modules/proxy/mod_proxy.h | 8 ++++++++ modules/proxy/proxy_util.c | 41 ++++++++++++++++++++++---------------- 4 files changed, 54 insertions(+), 31 deletions(-) Index: httpd-2.4.58/modules/proxy/mod_proxy.c =================================================================== --- httpd-2.4.58.orig/modules/proxy/mod_proxy.c +++ httpd-2.4.58/modules/proxy/mod_proxy.c @@ -1227,6 +1227,7 @@ static int proxy_fixup(request_rec *r) return OK; /* otherwise; we've done the best we can */ } + /* Send a redirection if the request contains a hostname which is not */ /* fully qualified, i.e. doesn't have a domain name appended. Some proxy */ /* servers like Netscape's allow this and access hosts from the local */ 
@@ -1280,7 +1281,7 @@ static int proxy_handler(request_rec *r)
 ap_get_module_config(sconf, &proxy_module);
 apr_array_header_t *proxies = conf->proxies;
 struct proxy_remote *ents = (struct proxy_remote *) proxies->elts;
- int i, rc, access_status;
+ int rc = DECLINED, access_status, i;
 int direct_connect = 0;
 const char *str;
 apr_int64_t maxfwd;
@@ -1295,22 +1296,28 @@ static int proxy_handler(request_rec *r)
 return DECLINED;
 }
- if (!r->proxyreq) {
- rc = DECLINED;
- /* We may have forced the proxy handler via config or .htaccess */
- if (r->handler &&
- strncmp(r->handler, "proxy:", 6) == 0 &&
- strncmp(r->filename, "proxy:", 6) != 0) {
- r->proxyreq = PROXYREQ_REVERSE;
- r->filename = apr_pstrcat(r->pool, r->handler, r->filename, NULL);
- /* Still need to fixup/canonicalize r->filename */
+ /* We may have forced the proxy handler via config or .htaccess */
+ if (!r->proxyreq && r->handler && strncmp(r->handler, "proxy:", 6) == 0) {
+ char *old_filename = r->filename;
+
+ r->proxyreq = PROXYREQ_REVERSE;
+ r->filename = apr_pstrcat(r->pool, r->handler, r->filename, NULL);
+
+ /* Still need to fixup/canonicalize r->filename */
+ rc = ap_proxy_fixup_uds_filename(r);
+ if (rc <= OK) {
 rc = proxy_fixup(r);
 }
 if (rc != OK) {
- return rc;
+ r->filename = old_filename;
+ r->proxyreq = 0;
 }
- } else if (strncmp(r->filename, "proxy:", 6) != 0) {
- return DECLINED;
+ }
+ else if (r->proxyreq && strncmp(r->filename, "proxy:", 6) == 0) {
+ rc = OK;
+ }
+ if (rc != OK) {
+ return rc;
 }
 /* handle max-forwards / OPTIONS / TRACE */
Index: httpd-2.4.58/modules/proxy/mod_proxy.h
===================================================================
--- httpd-2.4.58.orig/modules/proxy/mod_proxy.h
+++ httpd-2.4.58/modules/proxy/mod_proxy.h
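Review bot: The rollback in proxy_handler() (mod_proxy.c, hunk at -1295) restores `r->filename` and `r->proxyreq` when the forced-handler fixup fails, but it leaves behind the `uds_path` entry that ap_proxy_fixup_uds_filename() may already have stored in `r->notes`. That case arises when the UDS fixup returns OK and proxy_fixup() then returns something other than OK. Whether a stale note can affect later processing of the request is not visible from this hunk, but `apr_table_unset(r->notes, "uds_path");` next to `r->proxyreq = 0;` would make the rollback complete. A short comment such as `/* OK or DECLINED: not a UDS error, keep going */` on `if (rc <= OK)` would also spare readers from looking up the numeric values of those constants.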
@@ -993,6 +993,14 @@ PROXY_DECLARE(proxy_balancer_shared *) a proxy_balancer *balancer, unsigned int *index); +/* + * Strip the UDS part of r->filename if any, and put the UDS path in + * r->notes ("uds_path") + * @param r current request + * @return OK if fixed up, DECLINED if not UDS, or an HTTP_XXX error + */ +PROXY_DECLARE(int) ap_proxy_fixup_uds_filename(request_rec *r); + /** * Get the most suitable worker and/or balancer for the request * @param worker worker used for processing request Index: httpd-2.4.58/modules/proxy/proxy_util.c =================================================================== --- httpd-2.4.58.orig/modules/proxy/proxy_util.c +++ httpd-2.4.58/modules/proxy/proxy_util.c @@ -2316,7 +2316,7 @@ static int ap_proxy_retry_worker(const c * were passed a UDS url (eg: from mod_proxy) and adjust uds_path * as required. */ -static int fix_uds_filename(request_rec *r, char **url) +PROXY_DECLARE(int) ap_proxy_fixup_uds_filename(request_rec *r) { char *uds_url = r->filename + 6, *origin_url; @@ -2324,7 +2324,6 @@ static int fix_uds_filename(request_rec !ap_cstr_casecmpn(uds_url, "unix:", 5) && (origin_url = ap_strchr(uds_url + 5, '|'))) { char *uds_path = NULL; - apr_size_t url_len; apr_uri_t urisock; apr_status_t rv; 
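Review bot: The comment on the new ap_proxy_fixup_uds_filename() declaration in mod_proxy.h opens with `/*`, while the declaration that follows it uses `/**`, so documentation tooling keyed on `/**` would likely skip this newly exported function. The comment also does not say that r->filename is rewritten in place (the `memmove` in proxy_util.c), which matters to any caller that keeps a pointer into the old string. I would open it with `/**` and add `* @note r->filename is modified in place and is expected to start with "proxy:"`.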
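Review bot: `char *uds_url = r->filename + 6` in ap_proxy_fixup_uds_filename() (proxy_util.c, hunk at -2316) is evaluated before any visible check of r->filename, and the function is now exported through PROXY_DECLARE, so code outside proxy_util.c can call it. The first clause of the following `if` falls between the hunks and cannot be seen here; if it is the `proxy:` prefix test, a short filename is handled, but a NULL r->filename would still be dereferenced. A guard at the top, `if (!r->filename) return DECLINED;`, with `uds_url` assigned after it, would make the exported entry point safe without relying on its callers. The function body continues outside this hunk.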
@@ -2339,20 +2338,20 @@ static int fix_uds_filename(request_rec if (!uds_path) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10292) "Invalid proxy UDS filename (%s)", r->filename); - return 0; + return HTTP_BAD_REQUEST; } apr_table_setn(r->notes, "uds_path", uds_path); - /* Remove the UDS path from *url and r->filename */ - url_len = strlen(origin_url); - *url = apr_pstrmemdup(r->pool, origin_url, url_len); - memcpy(uds_url, *url, url_len + 1); - ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r, - "*: rewrite of url due to UDS(%s): %s (%s)", - uds_path, *url, r->filename); + "*: fixup UDS from %s: %s (%s)", + r->filename, origin_url, uds_path); + + /* Overwrite the UDS part in place */ + memmove(uds_url, origin_url, strlen(origin_url) + 1); + return OK; } - return 1; + + return DECLINED; } PROXY_DECLARE(int) ap_proxy_pre_request(proxy_worker **worker, @@ -2371,9 +2370,6 @@ PROXY_DECLARE(int) ap_proxy_pre_request( ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r, "%s: found worker %s for %s", (*worker)->s->scheme, (*worker)->s->name_ex, *url); - if (!forward && !fix_uds_filename(r, url)) { - return HTTP_INTERNAL_SERVER_ERROR; - } access_status = OK; } else if (forward) { @@ -2403,9 +2399,6 @@ PROXY_DECLARE(int) ap_proxy_pre_request( * regarding the Connection header in the request. */ apr_table_setn(r->subprocess_env, "proxy-nokeepalive", "1"); - if (!fix_uds_filename(r, url)) { - return HTTP_INTERNAL_SERVER_ERROR; - } } } } @@ -2415,6 +2408,20 @@ PROXY_DECLARE(int) ap_proxy_pre_request( "all workers are busy. Unable to serve %s", *url); access_status = HTTP_SERVICE_UNAVAILABLE; } + + if (access_status == OK && r->proxyreq == PROXYREQ_REVERSE) { + int rc = ap_proxy_fixup_uds_filename(r); + if (ap_is_HTTP_ERROR(rc)) { + return rc; + } + /* If the URL has changed in r->filename, take everything after + * the "proxy:" prefix. + */ + if (rc == OK) { + *url = apr_pstrdup(r->pool, r->filename + 6); + } + } + return access_status; }
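Review bot: The ordering of the TRACE2 `ap_log_rerror` call and the `memmove` in the -2339 hunk is load-bearing but undocumented. `origin_url` and `uds_url` both point into r->filename, so once `memmove` has shifted the buffer, `origin_url` no longer points at the start of the origin URL and `r->filename` no longer shows the UDS part being logged. The existing `/* Overwrite the UDS part in place */` could be extended to `/* Overwrite the UDS part in place; origin_url aliases r->filename, so it must not be used after this */`. The function starts outside this hunk.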
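Review bot: The block added at the end of ap_proxy_pre_request() (hunk at -2415) returns early only when `ap_is_HTTP_ERROR(rc)`, whereas proxy_handler() in mod_proxy.c continues only on `rc <= OK` and treats everything else as a failure. Under the contract documented in mod_proxy.h (OK, DECLINED or an HTTP error) the two agree today. If the fixup ever returned a positive status outside the error range, it would be ignored here and the request would proceed with access_status OK. Testing `if (rc != OK && rc != DECLINED) return rc;` would put both callers on the same rule.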