author | Yann Ylavic <ylavic@apache.org> | 2023-03-31 00:11:02 +0000 |
---|---|---|
committer | Yann Ylavic <ylavic@apache.org> | 2023-03-31 00:11:02 +0000 |
commit | 2eceb6a9fe6d90e5092861290c1a2e8beac123fd (patch) | |
tree | c9a5acd980e1fedc5000904feda681d73b609a2f /modules/http2 | |
parent | 0a9193072a06dd4893b8874ab5884c828be861da (diff) | |
download | httpd-2eceb6a9fe6d90e5092861290c1a2e8beac123fd.tar.gz |
mod_proxy: Check for space/ctrls in nocanon path/urls before forwarding.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908827 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules/http2')
-rw-r--r-- | modules/http2/mod_proxy_http2.c | 31 |
1 files changed, 18 insertions, 13 deletions
diff --git a/modules/http2/mod_proxy_http2.c b/modules/http2/mod_proxy_http2.c
index 8af0a34165..5abccab097 100644
--- a/modules/http2/mod_proxy_http2.c
+++ b/modules/http2/mod_proxy_http2.c
@@ -164,26 +164,31 @@ static int proxy_http2_canon(request_rec *r, char *url)
 path = ap_proxy_canonenc_ex(r->pool, url, (int)strlen(url), enc_path, flags, r->proxyreq);
+ if (!path) {
+ return HTTP_BAD_REQUEST;
+ }
 search = r->args;
 }
- if (search && *ap_scan_vchar_obstext(search)) {
- /*
- * We have a raw control character or a ' ' in r->args.
- * Correct encoding was missed.
- */
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10412)
- "To be forwarded query string contains control "
- "characters or spaces");
- return HTTP_FORBIDDEN;
- }
 break;
 case PROXYREQ_PROXY:
 path = url;
 break;
 }
-
- if (path == NULL) {
- return HTTP_BAD_REQUEST;
+ /*
+ * If we have a raw control character or a ' ' in nocanon path or
+ * r->args, correct encoding was missed.
+ */
+ if (path == url && *ap_scan_vchar_obstext(path)) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10420)
+ "To be forwarded path contains control "
+ "characters or spaces");
+ return HTTP_FORBIDDEN;
+ }
+ if (search && *ap_scan_vchar_obstext(search)) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10412)
+ "To be forwarded query string contains control "
+ "characters or spaces");
+ return HTTP_FORBIDDEN;
 }
 if (port != def_port) { |
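Review bot: The new guard `if (path == url && *ap_scan_vchar_obstext(path))` uses pointer identity to mean "the path was not canonicalized above", which holds only while ap_proxy_canonenc_ex() never returns its input pointer; nothing in the hunk states that assumption. The same test also matches the `case PROXYREQ_PROXY: path = url;` branch, so forward-proxy URLs with raw spaces or control characters now get a 403 as well, although the comment mentions only a "nocanon path". I would reword the comment to spell this out, e.g. `/* path == url: path was not re-encoded above (nocanon or forward proxy); refuse raw ctrls/spaces so they are never forwarded to the backend. */`, or set an explicit flag in the branches that skip encoding instead of comparing pointers. proxy_http2_canon starts and ends outside this hunk, and the reverse-proxy branches that assign `path = url` are not visible, so whether `search` is set there (and r->args therefore scanned) cannot be confirmed from here.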