From 9f7d27daddf1c1df1f6f6b56c756c04fe51470b5 Mon Sep 17 00:00:00 2001
From: Yann Ylavic
Date: Tue, 2 Mar 2021 20:50:40 +0000
Subject: [PATCH] Merge r1886141, r1886151 from trunk:

* We need to check for (!scheme && (u = strchr(url, ':')) && (u - url) > 14) later as (!scheme || u[0] != '/' || u[1] != '/' || u[2] == '\0') is true for requests with the CONNECT method which we need to decline. But in many cases requests with the CONNECT method have (u - url) > 14 as in this case (u - url) is the length of the FQDN the forward proxy should connect to.

mod_proxy_http: follow up to r1886141, axe overlong scheme check.

Since mod_proxy can see CONNECT URIs, "hostname:port" versus "scheme:" is hardly distinguishable (we don't want to limit the length of hostnames), and we don't allocate the scheme anymore while parsing, let's simply decline unrecognized schemes (overlong or not) and be caught by the no-handler case if there really is no proxy handler interested.

Submitted by: rpluem, ylavic
Reviewed by: ylavic, covener, icing

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1887118 13f79535-47bb-0310-9956-ffa450edef68

Conflict: httpd-2.4.43 does not have the should_send_brigade function
Reference: https://github.com/apache/httpd/commit/9f7d27dad
---
 modules/proxy/mod_proxy_http.c | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c
index 14f94b1..ada5ae0 100644
--- a/modules/proxy/mod_proxy_http.c
+++ b/modules/proxy/mod_proxy_http.c
@@ -2120,11 +2120,6 @@ static int proxy_http_handler(request_rec *r, proxy_worker *worker, is_ssl = 0; } if (!scheme || u[0] != '/' || u[1] != '/' || u[2] == '\0') { - if (!scheme && (u = strchr(url, ':')) && (u - url) > 14) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10262) - "overlong proxy URL scheme in %s", url); - return HTTP_BAD_REQUEST; - } ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01113) "HTTP: declining URL %s", url); return DECLINED; /* only interested in HTTP, WS or FTP via proxy */ -- 2.33.0
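Review bot: the safety of this hunk rests on a path that is not visible in it. A URL with no recognized scheme whose first ':' sits more than 14 bytes in used to be answered with HTTP_BAD_REQUEST (APLOGNO(10262)); it now falls through to the existing `return DECLINED;`, so whether such a request is refused or served is decided entirely by which other proxy handler claims it (the commit message names mod_proxy_connect handling CONNECT "hostname:port" targets) or by mod_proxy's no-handler case when none does. The backport should be verified on 2.4.43 with both inputs: a CONNECT through a forward proxy to a hostname longer than 14 characters (previously wrongly refused, must now work) and a request with a long bogus scheme (must still be refused rather than handed to a backend), since the "no-handler case" the message relies on was not touched by this branch's conflict resolution. Two smaller points: APLOGNO(10262) has no remaining user after this hunk, so it should be retired in the project's log-message-tag bookkeeping rather than left free to be reused for a different message; and because r1886151 removes the check that r1886141 introduced, the first paragraph of the commit message describes code that does not exist in the net diff, which is worth stating in the backport note so readers do not go looking for the "later" check.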