Merge r1908095 from trunk:

author Eric Covener <covener@apache.org>

Sun, 5 Mar 2023 20:28:43 +0000 (20:28 +0000)

committer Eric Covener <covener@apache.org>

Sun, 5 Mar 2023 20:28:43 +0000 (20:28 +0000)
author Eric Covener <covener@apache.org>
Sun, 5 Mar 2023 20:28:43 +0000 (20:28 +0000)
committer Eric Covener <covener@apache.org>
Sun, 5 Mar 2023 20:28:43 +0000 (20:28 +0000)
diff --git a/modules/http2/mod_proxy_http2.c b/modules/http2/mod_proxy_http2.c

index 3faf03472bbe3c82b477af9835c3ba1dfc0fedfc..aa299b937a5357fcf145b6cfbe4e21a234ad7657 100644 (file)
--- a/modules/http2/mod_proxy_http2.c
+++ b/modules/http2/mod_proxy_http2.c
@@ -158,6 +158,16 @@ static int proxy_http2_canon(request_rec *r, char *url)
              path = ap_proxy_canonenc(r->pool, url, (int)strlen(url),
                                       enc_path, 0, r->proxyreq);
              search = r->args;
+            if (search && *(ap_scan_vchar_obstext(search))) {
+                /*
+                 * We have a raw control character or a ' ' in r->args.
+                 * Correct encoding was missed.
+                 */
+                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO()
+                              "To be forwarded query string contains control "
+                              "characters or spaces");
+                return HTTP_FORBIDDEN;
+            }
          }
          break;
      case PROXYREQ_PROXY:
diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c

index 943996560e5134ea9e64bcdd4ac13276332ef81e..f6398f193864b38d6265d7ec1e6c636fa609810b 100644 (file)
--- a/modules/mappers/mod_rewrite.c
+++ b/modules/mappers/mod_rewrite.c
@@ -4729,6 +4729,17 @@ static int hook_uri2file(request_rec *r)
          unsigned skip;
          apr_size_t flen;
  
+        if (r->args && *(ap_scan_vchar_obstext(r->args))) {
+            /*
+             * We have a raw control character or a ' ' in r->args.
+             * Correct encoding was missed.
+             */
+            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10410)
+                          "Rewritten query string contains control "
+                          "characters or spaces");
+            return HTTP_FORBIDDEN;
+        }
+
          if (ACTION_STATUS == rulestatus) {
              int n = r->status;
  
@@ -5013,6 +5024,17 @@ static int hook_fixup(request_rec *r)
      if (rulestatus) {
          unsigned skip;
  
+        if (r->args && *(ap_scan_vchar_obstext(r->args))) {
+            /*
+             * We have a raw control character or a ' ' in r->args.
+             * Correct encoding was missed.
+             */
+            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10411)
+                          "Rewritten query string contains control "
+                          "characters or spaces");
+            return HTTP_FORBIDDEN;
+        }
+
          if (ACTION_STATUS == rulestatus) {
              int n = r->status;
  
diff --git a/modules/proxy/mod_proxy_ajp.c b/modules/proxy/mod_proxy_ajp.c

index 1449acad7334b90dbbe46500ec57095928f4994c..e46bd903a36c683abc07a10594a2235ba5802e68 100644 (file)
--- a/modules/proxy/mod_proxy_ajp.c
+++ b/modules/proxy/mod_proxy_ajp.c
@@ -69,6 +69,16 @@ static int proxy_ajp_canon(request_rec *r, char *url)
          path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
                                   r->proxyreq);
          search = r->args;
+        if (search && *(ap_scan_vchar_obstext(search))) {
+            /*
+             * We have a raw control character or a ' ' in r->args.
+             * Correct encoding was missed.
+             */
+             ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10406)
+                           "To be forwarded query string contains control "
+                           "characters or spaces");
+             return HTTP_FORBIDDEN;
+        }
      }
      if (path == NULL)
          return HTTP_BAD_REQUEST;
diff --git a/modules/proxy/mod_proxy_balancer.c b/modules/proxy/mod_proxy_balancer.c

index f6fb6345ae31ef3e525a58dfdffdc7327201410e..7f990084336145ae3e377f7391b45e2c574b2413 100644 (file)
--- a/modules/proxy/mod_proxy_balancer.c
+++ b/modules/proxy/mod_proxy_balancer.c
@@ -106,6 +106,16 @@ static int proxy_balancer_canon(request_rec *r, char *url)
          path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
                                   r->proxyreq);
          search = r->args;
+        if (search && *(ap_scan_vchar_obstext(search))) {
+            /*
+             * We have a raw control character or a ' ' in r->args.
+             * Correct encoding was missed.
+             */
+             ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10407)
+                           "To be forwarded query string contains control "
+                           "characters or spaces");
+             return HTTP_FORBIDDEN;
+        }
      }
      if (path == NULL)
          return HTTP_BAD_REQUEST;
diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c

index ec4e7fb06b58a5d1df25cbf797accd551a756fb3..51d19a0a21b2dab5cf98eb5d11951cdec9add537 100644 (file)
--- a/modules/proxy/mod_proxy_http.c
+++ b/modules/proxy/mod_proxy_http.c
@@ -125,6 +125,16 @@ static int proxy_http_canon(request_rec *r, char *url)
              path = ap_proxy_canonenc(r->pool, url, strlen(url),
                                       enc_path, 0, r->proxyreq);
              search = r->args;
+            if (search && *(ap_scan_vchar_obstext(search))) {
+                /*
+                 * We have a raw control character or a ' ' in r->args.
+                 * Correct encoding was missed.
+                 */
+                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10408)
+                              "To be forwarded query string contains control "
+                              "characters or spaces");
+                return HTTP_FORBIDDEN;
+            }
          }
          break;
      case PROXYREQ_PROXY:
diff --git a/modules/proxy/mod_proxy_wstunnel.c b/modules/proxy/mod_proxy_wstunnel.c

index bcbba42f9a49c5f9bf2fa8af53f6939f0d241560..88f86a49dbb80db429a10a813cf713c7269e4a83 100644 (file)
--- a/modules/proxy/mod_proxy_wstunnel.c
+++ b/modules/proxy/mod_proxy_wstunnel.c
@@ -114,6 +114,16 @@ static int proxy_wstunnel_canon(request_rec *r, char *url)
          path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
                                   r->proxyreq);
          search = r->args;
+        if (search && *(ap_scan_vchar_obstext(search))) {
+            /*
+             * We have a raw control character or a ' ' in r->args.
+             * Correct encoding was missed.
+             */
+            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10409)
+                          "To be forwarded query string contains control "
+                          "characters or spaces");
+            return HTTP_FORBIDDEN;
+        }
      }
      if (path == NULL)
          return HTTP_BAD_REQUEST;
author	Eric Covener <covener@apache.org>
	Sun, 5 Mar 2023 20:28:43 +0000 (20:28 +0000)
committer	Eric Covener <covener@apache.org>
	Sun, 5 Mar 2023 20:28:43 +0000 (20:28 +0000)
modules/http2/mod_proxy_http2.c		patch \| blob \| blame \| history
modules/mappers/mod_rewrite.c		patch \| blob \| blame \| history
modules/proxy/mod_proxy_ajp.c		patch \| blob \| blame \| history
modules/proxy/mod_proxy_balancer.c		patch \| blob \| blame \| history
modules/proxy/mod_proxy_http.c		patch \| blob \| blame \| history
modules/proxy/mod_proxy_wstunnel.c		patch \| blob \| blame \| history