-*- coding: utf-8 -*-
Changes with Apache 2.5.0
+ *) mod_rewrite: Limit runaway memory use by short circuiting some kinds of
+ looping RewriteRules when the local path significantly exceeds
+ LimitRequestLine. PR 60478. [Jeff Wheelhouse <apache wheelhouse.org>]
+
*) mod_proxy: Honor a server scoped ProxyPass exception when ProxyPass is
configured in <Location>, like in 2.2. PR 60458.
[Eric Covener]
rc = apply_rewrite_rule(p, ctx);
if (rc) {
+
+ /* Catch looping rules with pathinfo growing unbounded */
+ if ( strlen( r->filename ) > 2*r->server->limit_req_line ) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "RewriteRule '%s' and URI '%s' "
+ "exceeded maximum length (%d)",
+ p->pattern, r->uri, 2*r->server->limit_req_line );
+ r->status = HTTP_INTERNAL_SERVER_ERROR;
+ return ACTION_STATUS;
+ }
+
/* Regardless of what we do next, we've found a match. Check to see
* if any of the request header fields were involved, and add them
* to the Vary field of the response.
projects / thirdparty / apache / httpd.git / commitdiff
