backport-CVE-2024-38473-CVE-2024-39573-block-inadvertent-subst-of-special-filename.patch 3.01 KB
pojunxing 提交于 2024-07-15 11:20 . fix some CVEs
From 93aec0e3ca451bcc97f6d91c14d5399d13a73365 Mon Sep 17 00:00:00 2001
From: Eric Covener <covener@apache.org>
Date: Tue, 25 Jun 2024 15:28:00 +0000
Subject: [PATCH] Merge r1918553 from trunk:
block inadvertent subst of special filenames
+ cosmetic merge conflicts
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1918600 13f79535-47bb-0310-9956-ffa450edef68
Conflict:NA
Reference:https://github.com/apache/httpd/commit/93aec0e3ca451bcc97f6d91c14d5399d13a73365
---
modules/mappers/mod_rewrite.c | 38 ++++++++++++++++++++++++-----------
1 file changed, 26 insertions(+), 12 deletions(-)
diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c
index bbcc11b..a231b7c 100644
--- a/modules/mappers/mod_rewrite.c
+++ b/modules/mappers/mod_rewrite.c
@@ -4280,6 +4280,32 @@ static int apply_rewrite_rule(rewriterule_entry *p, rewrite_ctx *ctx)
return 2;
}
+ /* Add the previously stripped per-directory location prefix, unless
+ * (1) it's an absolute URL path and
+ * (2) it's a full qualified URL
+ */
+ if (!is_proxyreq && *newuri != '/' && !is_absolute_uri(newuri, NULL)) {
+ if (ctx->perdir) {
+ rewritelog((r, 3, ctx->perdir, "add per-dir prefix: %s -> %s%s",
+ newuri, ctx->perdir, newuri));
+
+ newuri = apr_pstrcat(r->pool, ctx->perdir, newuri, NULL);
+ }
+ else if (!(p->flags & (RULEFLAG_PROXY | RULEFLAG_FORCEREDIRECT))) {
+ /* Not an absolute URI-path and the scheme (if any) is unknown,
+ * and it won't be passed to fully_qualify_uri() below either,
+ * so add an implicit '/' prefix. This avoids potentially a common
+ * rule like "RewriteRule ^/some/path(.*) $1" that is given a path
+ * like "/some/pathscheme:..." to produce the fully qualified URL
+ * "scheme:..." which could be misinterpreted later.
+ */
+ rewritelog((r, 3, ctx->perdir, "add root prefix: %s -> /%s",
+ newuri, newuri));
+
+ newuri = apr_pstrcat(r->pool, "/", newuri, NULL);
+ }
+ }
+
/* Now adjust API's knowledge about r->filename and r->args */
r->filename = newuri;
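Review bot: The comment carried over at the top of the added block still says the prefix is added "unless (1) it's an absolute URL path and (2) it's a full qualified URL", but the condition `*newuri != '/' && !is_absolute_uri(newuri, NULL)` skips the prefix when either one holds, so I would reword it to `/* Add a prefix unless newuri is already an absolute URL-path or a fully qualified URL. */`. The check now runs on `newuri` before `r->filename` is assigned and, judging by the second hunk, before `splitout_queryargs()` is called, so it sees the substitution with any query string still attached; if that ordering is what the fix depends on, it deserves a line such as `/* Must precede the r->filename assignment: the prefix decision is made on the raw substitution. */`. In the `else if` branch `ctx->perdir` can only be NULL, so passing `NULL` to `rewritelog` there would say so directly. The body of apply_rewrite_rule starts and ends outside this hunk.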
@@ -4289,18 +4315,6 @@ static int apply_rewrite_rule(rewriterule_entry *p, rewrite_ctx *ctx)
splitout_queryargs(r, p->flags);
- /* Add the previously stripped per-directory location prefix, unless
- * (1) it's an absolute URL path and
- * (2) it's a full qualified URL
- */
- if ( ctx->perdir && !is_proxyreq && *r->filename != '/'
- && !is_absolute_uri(r->filename, NULL)) {
- rewritelog((r, 3, ctx->perdir, "add per-dir prefix: %s -> %s%s",
- r->filename, ctx->perdir, r->filename));
-
- r->filename = apr_pstrcat(r->pool, ctx->perdir, r->filename, NULL);
- }
-
/* If this rule is forced for proxy throughput
* (`RewriteRule ... ... [P]') then emulate mod_proxy's
* URL-to-filename handler to be sure mod_proxy is triggered
--
2.33.0