]> git.ipfire.org Git - thirdparty/apache/httpd.git/commitdiff
projects / thirdparty / apache / httpd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ed99ef0)
fix `rewritecond expr` regression in 2.4.64
authorEric Covener <covener@apache.org>
Mon, 21 Jul 2025 11:12:44 +0000 (11:12 +0000)
committerEric Covener <covener@apache.org>
Mon, 21 Jul 2025 11:12:44 +0000 (11:12 +0000)
  *) SECURITY: CVE-2025-54090: Apache HTTP Server: 'RewriteCond expr'
     always evaluates to true in 2.4.64 (cve.mitre.org)
     A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond
     expr ..." tests evaluating as "true".
     Users are recommended to upgrade to version 2.4.65, which fixes
     the issue.

Reviewed By: covener, ylavic, gbechis, jorton

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1927361 13f79535-47bb-0310-9956-ffa450edef68

modules/mappers/mod_rewrite.c patch | blob | blame | history

diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c
index f9fcd61400fdb8b425e2207558b2c9470849f006..ae0ceda05087cce8d28f63d932fa039222ac37f3 100644 (file)
--- a/modules/mappers/mod_rewrite.c
+++ b/modules/mappers/mod_rewrite.c
@@ -4276,8 +4276,9 @@ test_str_l:
                 rc = COND_RC_NOMATCH;
             }
             else {
-                rc = COND_RC_MATCH;
+                rc = (rc > 0) ? COND_RC_MATCH : COND_RC_NOMATCH;
             }
+
             /* update briRC backref info */
             if (rc && !(p->flags & CONDFLAG_NOTMATCH)) {
                 ctx->briRC.source = source;
Mirror of https://github.com/apache/httpd.git