From: Yann Ylavic <ylavic@apache.org>
Date: Wed, 3 Feb 2021 11:29:10 +0000 (+0000)
Subject: mod_proxy_http: follow up to r1886141, axe overlong scheme check.
X-Git-Tag: 2.5.0-alpha2-ci-test-only~1031
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7b872648563c84d2f46447ce636652373095ff07;p=thirdparty%2Fapache%2Fhttpd.git

mod_proxy_http: follow up to r1886141, axe overlong scheme check.

Since mod_proxy can see CONNECT URIs, "hostname:port" versus "scheme:"
is hardly distinguishable (we don't want to limit the length of hostnames),
and we don't allocate the scheme anymore while parsing, let's simply decline
unrecognized schemes (overlong or not) and be caught by the no-handler case
if there really is no proxy handler interested.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1886151 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c
index 637fc876090..d32b14e3f0e 100644
--- a/modules/proxy/mod_proxy_http.c
+++ b/modules/proxy/mod_proxy_http.c
@@ -1907,11 +1907,6 @@ static int proxy_http_handler(request_rec *r, proxy_worker *worker,
                       "HTTP: declining URL %s", url);
         return DECLINED; /* only interested in HTTP, WS or FTP via proxy */
     }
-    if (!scheme && (u = strchr(url, ':')) && (u - url) > 14) {
-        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10262)
-                      "overlong proxy URL scheme in %s", url);
-        return HTTP_BAD_REQUEST;
-    }
     if (is_ssl && !ap_proxy_ssl_enable(NULL)) {
         ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01112)
                       "HTTP: declining URL %s (mod_ssl not configured?)", url);