From: Eric Covener Date: Wed, 14 Dec 2016 16:27:15 +0000 (+0000) Subject: short-circuit some kinds of looping in RewriteRule. X-Git-Tag: 2.5.0-alpha~909 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=091c89150ac1bdbf91f5b4da7df41d673e55589a;p=thirdparty%2Fapache%2Fhttpd.git short-circuit some kinds of looping in RewriteRule. PR60478 Submitted By: Jeff Wheelouse Committed By: covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1774288 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index e8110fe849d..dd9d3da2bed 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,10 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.0 + *) mod_rewrite: Limit runaway memory use by short circuiting some kinds of + looping RewriteRules when the local path significantly exceeds + LimitRequestLine. PR 60478. [Jeff Wheelhouse ] + *) mod_proxy: Honor a server scoped ProxyPass exception when ProxyPass is configured in , like in 2.2. PR 60458. [Eric Covener] diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c index 2abb32e8d50..e026f38ca38 100644 --- a/modules/mappers/mod_rewrite.c +++ b/modules/mappers/mod_rewrite.c @@ -4350,6 +4350,17 @@ static int apply_rewrite_list(request_rec *r, apr_array_header_t *rewriterules, rc = apply_rewrite_rule(p, ctx); if (rc) { + + /* Catch looping rules with pathinfo growing unbounded */ + if ( strlen( r->filename ) > 2*r->server->limit_req_line ) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "RewriteRule '%s' and URI '%s' " + "exceeded maximum length (%d)", + p->pattern, r->uri, 2*r->server->limit_req_line ); + r->status = HTTP_INTERNAL_SERVER_ERROR; + return ACTION_STATUS; + } + /* Regardless of what we do next, we've found a match. Check to see * if any of the request header fields were involved, and add them * to the Vary field of the response.
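Review bot: In the CHANGES hunk the contributor is credited as "Jeff Wheelhouse", while the commit message has "Submitted By: Jeff Wheelouse"; the two spellings should be reconciled. The entry also says the rule fires when the local path "significantly exceeds LimitRequestLine", whereas the code uses exactly twice that limit. Stating the factor in the entry would tell administrators what raising or lowering LimitRequestLine does to this check.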
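Review bot: In the mod_rewrite.c hunk the length test is on r->filename but the error message prints r->uri, so the log line may not show the string that actually exceeded the limit; logging r->filename or its length alongside the pattern would make the entry usable for diagnosing the looping rule. The factor in 2*r->server->limit_req_line appears twice with no explanation of why two was chosen; a named constant, or one sentence in the comment, would document it and keep the test and the message in step. The comparison also puts the size_t result of strlen() against an expression that the message formats with %d, so an explicit cast would make the intended signedness clear. The added lines use spaces inside the parentheses, "if ( strlen( r->filename ) > ...", which does not match the surrounding "if (rc) {" style.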