From: Joe Orton
Date: Fri, 30 Jan 2004 13:19:24 +0000 (+0000)
Subject: * modules/dav/main/mod_dav.c (dav_handler): Reject request if the
X-Git-Tag: 2.0.49~172
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=708a5634bddc992bf23ed25f23cf2239290f74a9;p=thirdparty%2Fapache%2Fhttpd.git

* modules/dav/main/mod_dav.c (dav_handler): Reject request if the
Request-URI includes a fragment part, i.e. an unescaped #.

PR: 21779
Submitted by: Amit Athavale
Reviewed by: Joe Orton, André Malo, Justin Erenkrantz

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/APACHE_2_0_BRANCH@102462 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES index 59a2ef34509..b172674ed24 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,8 @@ Changes with Apache 2.0.49 + *) mod_dav: Reject requests which include an unescaped fragment in the + Request-URI. PR 21779. [Amit Athavale ] + *) Build array of allowed methods with proper dimensions, fixing possible memory corruption. [Jeff Trawick] diff --git a/modules/dav/main/mod_dav.c b/modules/dav/main/mod_dav.c index 0ca115fffbf..e5790fc7ab3 100644 --- a/modules/dav/main/mod_dav.c +++ b/modules/dav/main/mod_dav.c @@ -4559,6 +4559,16 @@ static int dav_handler(request_rec *r) if (strcmp(r->handler, DAV_HANDLER_NAME) != 0) return DECLINED; + /* Reject requests with an unescaped hash character, as these may + * be more destructive than the user intended. */ + if (r->parsed_uri.fragment != NULL) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "buggy client used un-escaped hash in Request-URI"); + return dav_error_response(r, HTTP_BAD_REQUEST, + "The request was invalid: the URI included " + "an un-escaped hash character"); + } + /* ### do we need to do anything with r->proxyreq ?? */ /*
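
Review bot: In the mod_dav.c hunk, the new test on r->parsed_uri.fragment in dav_handler carries no method condition, while its comment justifies the rejection only by requests being "more destructive than the user intended". If rejecting every DAV-handled request with a fragment, reads included, is intended, the comment should say so and state the reason, so that a later change does not narrow the check to destructive methods without noticing that the path in use is still the truncated one. The log message "buggy client used un-escaped hash in Request-URI" also leaves out the offending request line; adding r->unparsed_uri to the ap_log_rerror call would let an administrator tell which client and resource were involved. Since any client can trigger this branch and it is logged at APLOG_ERR, consider whether a lower log level fits better, to keep the error log free of client-induced noise.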