httpd/backport-CVE-2024-38473-fix-the-filename-redirected.patch
2024-07-09 09:55:24 +08:00


From 4326d6b9041a3bcb9b529f9163d0761c2d760700 Mon Sep 17 00:00:00 2001
From: Yann Ylavic <ylavic@apache.org>
Date: Wed, 26 Jun 2024 14:56:47 +0000
Subject: [PATCH] factor out IS_SLASH, perdir fix
in per-dir, the filename will be internally redirected, so / is OK too.
don't add / to / in the non-perdir
match AP_IS_SLASH macro
followup to 1918651
Merges r1918651, r1918652, r1918663 from trunk
Reviewed by: covener, ylavic, rpluem
GH: close #458
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1918668 13f79535-47bb-0310-9956-ffa450edef68
Conflict:NA
Reference:https://github.com/apache/httpd/commit/4326d6b9041a3bcb9b529f9163d0761c2d760700
---
include/ap_mmn.h | 3 ++-
include/httpd.h | 11 +++++++++++
modules/mappers/mod_rewrite.c | 11 ++++-------
server/util.c | 31 ++++++++++---------------------
4 files changed, 27 insertions(+), 29 deletions(-)
diff --git a/include/ap_mmn.h b/include/ap_mmn.h
index ab88f82..76600b7 100644
--- a/include/ap_mmn.h
+++ b/include/ap_mmn.h
@@ -541,6 +541,7 @@
* flush_max_threshold and flush_max_pipelined to
* core_server_config, and ap_get_read_buf_size().
* 20120211.133 (2.4.60-dev) Add ap_proxy_fixup_uds_filename()
+ * 20120211.134 (2.4.60-dev) AP_SLASHES and AP_IS_SLASH
*/
#define MODULE_MAGIC_COOKIE 0x41503234UL /* "AP24" */
@@ -548,7 +549,7 @@
#ifndef MODULE_MAGIC_NUMBER_MAJOR
#define MODULE_MAGIC_NUMBER_MAJOR 20120211
#endif
-#define MODULE_MAGIC_NUMBER_MINOR 133 /* 0...n */
+#define MODULE_MAGIC_NUMBER_MINOR 134 /* 0...n */
/**
* Determine if the server's current MODULE_MAGIC_NUMBER is at least a
diff --git a/include/httpd.h b/include/httpd.h
index f5e64cc..acb4c5f 100644
--- a/include/httpd.h
+++ b/include/httpd.h
@@ -2504,6 +2504,17 @@ AP_DECLARE(const char *)ap_dir_fnmatch(ap_dir_match_t *w, const char *path,
*/
AP_DECLARE(int) ap_is_chunked(apr_pool_t *p, const char *line);
+/* Win32/NetWare/OS2 need to check for both forward and back slashes
+ * in ap_normalize_path() and ap_escape_url().
+ */
+#ifdef CASE_BLIND_FILESYSTEM
+#define AP_IS_SLASH(s) ((s == '/') || (s == '\\'))
+#define AP_SLASHES "/\\"
+#else
+#define AP_IS_SLASH(s) (s == '/')
+#define AP_SLASHES "/"
+#endif
+
#ifdef __cplusplus
}
#endif
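Review bot: `AP_IS_SLASH` is now exported from httpd.h, but its argument is not parenthesized and, in the `CASE_BLIND_FILESYSTEM` branch, is evaluated twice, so a module that writes `AP_IS_SLASH(*p++)` would advance the pointer differently depending on the platform. The local macro this commit removes from mod_rewrite.c did parenthesize its argument, and I would carry that over: `#define AP_IS_SLASH(s) (((s) == '/') || ((s) == '\\'))` and `#define AP_IS_SLASH(s) ((s) == '/')`, plus a sentence in the comment saying the argument must have no side effects. The comment also names `ap_normalize_path()` and `ap_escape_url()`, while the uses visible in this patch are `ap_getparents()`, `ap_unescape_url()`, `ap_unescape_url_keep2f()` and mod_rewrite. Aligning it would help anyone auditing path handling find the real call sites.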
diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c
index 9149023..a0f67a8 100644
--- a/modules/mappers/mod_rewrite.c
+++ b/modules/mappers/mod_rewrite.c
@@ -634,14 +634,11 @@ static unsigned is_absolute_uri(char *uri, int *supportsqs)
static int is_absolute_path(const char *path)
{
-#ifndef WIN32
+#ifndef CASE_BLIND_FILESYSTEM
return (path[0] == '/');
#else
-#define IS_SLASH(c) ((c) == '/' || (c) == '\\')
- /* "//", "\\", "x:/" and "x:\" are absolute paths on Windows */
- return ((IS_SLASH(path[0]) && path[1] == path[0])
- || (apr_isalpha(path[0]) && path[1] == ':' && IS_SLASH(path[2])));
-#undef IS_SLASH
+ return ((AP_IS_SLASH(path[0]) && path[1] == path[0])
+ || (apr_isalpha(path[0]) && path[1] == ':' && AP_IS_SLASH(path[2])));
#endif
}
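Review bot: The comment listing which forms count as absolute (`"//"`, `"\\"`, `"x:/"`, `"x:\"`) is deleted together with the local macro while the guard moves from `WIN32` to `CASE_BLIND_FILESYSTEM`, so the second branch no longer states what it accepts. In that branch a single leading slash is not treated as absolute, and the caller in `apply_rewrite_rule` appears to compensate with a separate `AP_IS_SLASH` test. That split is easy to miss when reviewing how substitutions are mapped to paths. I would keep a comment above the return, e.g. `/* "//", "\\", "x:/" and "x:\" are absolute on case-blind filesystems; a single leading slash is not, callers check it separately */`.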
@@ -4227,11 +4224,11 @@ static int apply_rewrite_rule(rewriterule_entry *p, rewrite_ctx *ctx)
*/
if (!is_proxyreq
&& !is_absolute_path(newuri)
+ && !AP_IS_SLASH(*newuri)
&& !is_absolute_uri(newuri, NULL)) {
if (ctx->perdir) {
rewritelog((r, 3, ctx->perdir, "add per-dir prefix: %s -> %s%s",
newuri, ctx->perdir, newuri));
-
newuri = apr_pstrcat(r->pool, ctx->perdir, newuri, NULL);
}
else if (!(p->flags & (RULEFLAG_PROXY | RULEFLAG_FORCEREDIRECT))) {
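Review bot: The added `!AP_IS_SLASH(*newuri)` test is redundant on builds without `CASE_BLIND_FILESYSTEM`, where `is_absolute_path()` is already `path[0] == '/'`, and nothing next to it says why it is needed. Judging from the `is_absolute_path()` hunk, it covers the case-blind build, where a lone leading `/` or `\` is not absolute but still must not get `ctx->perdir` or a `/` prepended. A one-line comment such as `/* single leading slash: not absolute on case-blind filesystems, but must not be prefixed */` would make that explicit. Because this condition decides which path a substitution resolves to, a regression test for a per-dir substitution beginning with `/` (and with `\` on case-blind builds) would be worth adding alongside the backport. The body of `apply_rewrite_rule` begins and ends outside this hunk.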
diff --git a/server/util.c b/server/util.c
index 0f05110..1bdfe70 100644
--- a/server/util.c
+++ b/server/util.c
@@ -75,17 +75,6 @@
*/
#include "test_char.h"
-/* Win32/NetWare/OS2 need to check for both forward and back slashes
- * in ap_getparents() and ap_escape_url.
- */
-#ifdef CASE_BLIND_FILESYSTEM
-#define IS_SLASH(s) ((s == '/') || (s == '\\'))
-#define SLASHES "/\\"
-#else
-#define IS_SLASH(s) (s == '/')
-#define SLASHES "/"
-#endif
-
/* we know core's module_index is 0 */
#undef APLOG_MODULE_INDEX
#define APLOG_MODULE_INDEX AP_CORE_MODULE_INDEX
@@ -506,8 +495,8 @@ AP_DECLARE(void) ap_getparents(char *name)
l = w = first_dot = next - name;
while (name[l] != '\0') {
- if (name[l] == '.' && IS_SLASH(name[l + 1])
- && (l == 0 || IS_SLASH(name[l - 1])))
+ if (name[l] == '.' && AP_IS_SLASH(name[l + 1])
+ && (l == 0 || AP_IS_SLASH(name[l - 1])))
l += 2;
else
name[w++] = name[l++];
@@ -516,7 +505,7 @@ AP_DECLARE(void) ap_getparents(char *name)
/* b) remove trailing . path, segment */
if (w == 1 && name[0] == '.')
w--;
- else if (w > 1 && name[w - 1] == '.' && IS_SLASH(name[w - 2]))
+ else if (w > 1 && name[w - 1] == '.' && AP_IS_SLASH(name[w - 2]))
w--;
name[w] = '\0';
@@ -524,13 +513,13 @@ AP_DECLARE(void) ap_getparents(char *name)
l = first_dot;
while (name[l] != '\0') {
- if (name[l] == '.' && name[l + 1] == '.' && IS_SLASH(name[l + 2])
- && (l == 0 || IS_SLASH(name[l - 1]))) {
+ if (name[l] == '.' && name[l + 1] == '.' && AP_IS_SLASH(name[l + 2])
+ && (l == 0 || AP_IS_SLASH(name[l - 1]))) {
int m = l + 3, n;
l = l - 2;
if (l >= 0) {
- while (l >= 0 && !IS_SLASH(name[l]))
+ while (l >= 0 && !AP_IS_SLASH(name[l]))
l--;
l++;
}
@@ -548,10 +537,10 @@ AP_DECLARE(void) ap_getparents(char *name)
if (l == 2 && name[0] == '.' && name[1] == '.')
name[0] = '\0';
else if (l > 2 && name[l - 1] == '.' && name[l - 2] == '.'
- && IS_SLASH(name[l - 3])) {
+ && AP_IS_SLASH(name[l - 3])) {
l = l - 4;
if (l >= 0) {
- while (l >= 0 && !IS_SLASH(name[l]))
+ while (l >= 0 && !AP_IS_SLASH(name[l]))
l--;
l++;
}
@@ -1884,7 +1873,7 @@ static int unescape_url(char *url, const char *forbid, const char *reserved)
AP_DECLARE(int) ap_unescape_url(char *url)
{
/* Traditional */
- return unescape_url(url, SLASHES, NULL);
+ return unescape_url(url, AP_SLASHES, NULL);
}
AP_DECLARE(int) ap_unescape_url_keep2f(char *url, int decode_slashes)
{
@@ -1894,7 +1883,7 @@ AP_DECLARE(int) ap_unescape_url_keep2f(char *url, int decode_slashes)
return unescape_url(url, NULL, NULL);
} else {
/* reserve (do not decode) encoded slashes */
- return unescape_url(url, NULL, SLASHES);
+ return unescape_url(url, NULL, AP_SLASHES);
}
}
#ifdef NEW_APIS
--
2.33.0