fix overlong scheme check

backport-fix-overlong-scheme-check.patch

@@ -0,0 +1,54 @@
+From 9f7d27daddf1c1df1f6f6b56c756c04fe51470b5 Mon Sep 17 00:00:00 2001
+From: Yann Ylavic <ylavic@apache.org>
+Date: Tue, 2 Mar 2021 20:50:40 +0000
+Subject: [PATCH] Merge r1886141, r1886151 from trunk:
+
+* We need to check for (!scheme && (u = strchr(url, ':')) && (u - url) > 14)
+  later as (!scheme || u[0] != '/' || u[1] != '/' || u[2] == '\0') is true
+  for requests with the CONNECT method which we need to decline. But in many
+  cases requests with the CONNECT method have (u - url) > 14 as in this
+  case (u - url) is the length of the FQDN the forward proxy should connect
+  to.
+
+
+mod_proxy_http: follow up to r1886141, axe overlong scheme check.
+
+Since mod_proxy can see CONNECT URIs, "hostname:port" versus "scheme:"
+is hardly distinguishable (we don't want to limit the length of hostnames),
+and we don't allocate the scheme anymore while parsing, let's simply decline
+unrecognized schemes (overlong or not) and be caught by the no-handler case
+if there really is no proxy handler interested.
+
+
+Submitted by: rpluem, ylavic
+Reviewed by: ylavic, covener, icing
+
+
+git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1887118 13f79535-47bb-0310-9956-ffa450edef68
+
+Conflict:httpd-2.4.43 don`t have should_send_brigade function
+Reference:https://github.com/apache/httpd/commit/9f7d27dad
+
+---
+ modules/proxy/mod_proxy_http.c | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c
+index 14f94b1..ada5ae0 100644
+--- a/modules/proxy/mod_proxy_http.c
++++ b/modules/proxy/mod_proxy_http.c
+@@ -2120,11 +2120,6 @@ static int proxy_http_handler(request_rec *r, proxy_worker *worker,
+         is_ssl = 0;
+     }
+     if (!scheme || u[0] != '/' || u[1] != '/' || u[2] == '\0') {
+-        if (!scheme && (u = strchr(url, ':')) && (u - url) > 14) {
+-            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10262)
+-                          "overlong proxy URL scheme in %s", url);
+-            return HTTP_BAD_REQUEST;
+-        }
+         ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01113)
+                       "HTTP: declining URL %s", url);
+         return DECLINED; /* only interested in HTTP, WS or FTP via proxy */
+-- 
+2.33.0
+

httpd.spec

@@ -8,7 +8,7 @@
 Name:             httpd
 Summary:          Apache HTTP Server
 Version:          2.4.43
-Release:          26
+Release:          27
 License:          ASL 2.0
 URL:              https://httpd.apache.org/
 Source0:          https://archive.apache.org/dist/httpd/httpd-%{version}.tar.bz2
@@ -125,6 +125,7 @@ Patch71:          backport-CVE-2024-38476-add-ap_set_content_type_ex-to-differen
 Patch72:          backport-CVE-2024-38477-validate-hostsname.patch
 Patch73:          backport-CVE-2024-39884-maintain-trusted-flag.patch
 Patch74:          backport-CVE-2024-40725.patch
+Patch75:          backport-fix-overlong-scheme-check.patch
 
 BuildRequires:    gcc autoconf pkgconfig findutils xmlto perl-interpreter perl-generators systemd-devel
 BuildRequires:    zlib-devel libselinux-devel lua-devel brotli-devel
@@ -561,6 +562,12 @@ exit $rv
 %{_rpmconfigdir}/macros.d/macros.httpd
 
 %changelog
+* Sat Mar 01 2025 chengyechun <chengyechun1@huawei.com> 2.4.43-27
+- Type:bugfix
+- ID:
+- SUG:NA
+- DESC:fix overlong scheme check
+
 * Wed Aug 28 2024 Han Jinpeng <hanjinpeng@kylinos.cn> - 2.4.43-26
 - Type:CVE
 - ID:CVE-2024-40725