From: Eric Covener <covener@apache.org>
Date: Fri, 27 Sep 2024 13:11:05 +0000 (+0000)
Subject:   *) mod_rewrite: Improve safe question mark detection
X-Git-Tag: 2.4.63-candidate~103
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c91445b7f905587aa86ad552f4a1a3f29345e695;p=thirdparty%2Fapache%2Fhttpd.git

  *) mod_rewrite: Improve safe question mark detection

     Trunk version of patch:
        https://svn.apache.org/r1920566
     Backport version for 2.4.x of patch:
      Trunk version of patch works
      svn merge -c 1920566 ^/httpd/httpd/trunk .
     +1: rpluem, covener, jorton




git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1920982 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c
index ef3e52fb794..0bf44049238 100644
--- a/modules/mappers/mod_rewrite.c
+++ b/modules/mappers/mod_rewrite.c
@@ -2442,21 +2442,19 @@ static char *do_expand(char *input, rewrite_ctx *ctx, rewriterule_entry *entry,
             *unsafe_qmark = 0;
 
             /* keep tracking only if interested in the last qmark */
-            if (entry && (entry->flags & RULEFLAG_QSLAST)) {
-                do {
-                    span++;
-                    span += strcspn(input + span, EXPAND_SPECIALS "?");
-                } while (input[span] == '?');
-            }
-            else {
+            if (!entry || !(entry->flags & RULEFLAG_QSLAST)) {
                 unsafe_qmark = NULL;
-                span += strcspn(input + span, EXPAND_SPECIALS);
             }
+
+            /* find the next real special char, any (last) qmark up to
+             * there is safe too
+             */
+            span += strcspn(input + span, EXPAND_SPECIALS);
         }
     }
 
-    /* fast exit */
-    if (inputlen == span) {
+    /* fast path (no specials) */
+    if (span >= inputlen) {
         return apr_pstrmemdup(pool, input, inputlen);
     }
 
@@ -2637,16 +2635,14 @@ static char *do_expand(char *input, rewrite_ctx *ctx, rewriterule_entry *entry,
                 *unsafe_qmark = 0;
 
                 /* keep tracking only if interested in the last qmark */
-                if (entry && (entry->flags & RULEFLAG_QSLAST)) {
-                    do {
-                        span++;
-                        span += strcspn(p + span, EXPAND_SPECIALS "?");
-                    } while (p[span] == '?');
-                }
-                else {
+                if (!entry || !(entry->flags & RULEFLAG_QSLAST)) {
                     unsafe_qmark = NULL;
-                    span += strcspn(p + span, EXPAND_SPECIALS);
                 }
+
+                /* find the next real special char, any (last) qmark up to
+                 * there is safe too
+                 */
+                span += strcspn(p + span, EXPAND_SPECIALS);
             }
         }
         if (span > 0) {