From: Ruediger Pluem <rpluem@apache.org>
Date: Wed, 8 Sep 2021 07:00:09 +0000 (+0000)
Subject: Merge r1892986, r1892987 from trunk:
X-Git-Tag: candidate-2.4.49-rc1~3^2~14
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d4901cb32133bc0e59ad193a29d1665597080d67;p=thirdparty%2Fapache%2Fhttpd.git

Merge r1892986, r1892987 from trunk:

mod_proxy: Follow up to r1892814.

* modules/proxy/proxy_util.c(fix_uds_filename):
  Sanity checks on the configured UDS path, fail with 500 if invalid since
  continuing through proxy processing wouldn't work as expected.



mod_proxy: Follow up to r1892986: APLOGNO()

Stefan get out of this body! :)


Submitted by: ylavic
Reviewed by: rpluem, ylavic, covener

Github: closes #265


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1893101 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/STATUS b/STATUS
index 34ffe2d785a..a0897138054 100644
--- a/STATUS
+++ b/STATUS
@@ -146,15 +146,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
      2.4.x patch: svn merge -c 1878092  ^/httpd/httpd/trunk .
      +1: covener, ylavic, jfclere
 
-  *) mod_proxy: Sanity checks on the configured UDS path, fail with 500 if
-     invalid since continuing through proxy processing wouldn't work as expected.
-     Trunk version of patch:
-        https://svn.apache.org/r1892986
-        https://svn.apache.org/r1892987
-     Backport version for 2.4.x of patch:
-       https://patch-diff.githubusercontent.com/raw/apache/httpd/pull/265.diff
-     +1: rpluem, ylavic, covener
-
   *) mod_proxy: Axe unused ap_filter_input_pending in 2.4.x (only) after r1892971.
      2.4.x patch: http://people.apache.org/~ylavic/patches/ap_filter_input_pending-unused.patch
      +1: ylavic, icing,  covener
diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c
index b65859317e7..45ec5f40532 100644
--- a/modules/proxy/proxy_util.c
+++ b/modules/proxy/proxy_util.c
@@ -2275,33 +2275,42 @@ static int ap_proxy_retry_worker(const char *proxy_function, proxy_worker *worke
  * were passed a UDS url (eg: from mod_proxy) and adjust uds_path
  * as required.  
  */
-static void fix_uds_filename(request_rec *r, char **url) 
+static int fix_uds_filename(request_rec *r, char **url) 
 {
-    char *ptr, *ptr2;
-    if (!r || !r->filename) return;
+    char *uds_url = r->filename + 6, *origin_url;
 
     if (!strncmp(r->filename, "proxy:", 6) &&
-            !ap_cstr_casecmpn(r->filename + 6, "unix:", 5) &&
-            (ptr2 = r->filename + 6 + 5, ptr = ap_strchr(ptr2, '|'))) {
+            !ap_cstr_casecmpn(uds_url, "unix:", 5) &&
+            (origin_url = ap_strchr(uds_url + 5, '|'))) {
+        char *uds_path = NULL;
+        apr_size_t url_len;
         apr_uri_t urisock;
         apr_status_t rv;
-        *ptr = '\0';
-        rv = apr_uri_parse(r->pool, ptr2, &urisock);
-        if (rv == APR_SUCCESS) {
-            char *rurl = ptr+1;
-            char *sockpath = ap_runtime_dir_relative(r->pool, urisock.path);
-            apr_table_setn(r->notes, "uds_path", sockpath);
-            *url = apr_pstrdup(r->pool, rurl); /* so we get the scheme for the uds */
-            /* r->filename starts w/ "proxy:", so add after that */
-            memmove(r->filename+6, rurl, strlen(rurl)+1);
-            ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
-                    "*: rewrite of url due to UDS(%s): %s (%s)",
-                    sockpath, *url, r->filename);
+
+        *origin_url = '\0';
+        rv = apr_uri_parse(r->pool, uds_url, &urisock);
+        *origin_url++ = '|';
+
+        if (rv == APR_SUCCESS && urisock.path && !urisock.hostname) {
+            uds_path = ap_runtime_dir_relative(r->pool, urisock.path);
         }
-        else {
-            *ptr = '|';
+        if (!uds_path) {
+            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10292)
+                    "Invalid proxy UDS filename (%s)", r->filename);
+            return 0;
         }
+        apr_table_setn(r->notes, "uds_path", uds_path);
+
+        /* Remove the UDS path from *url and r->filename */
+        url_len = strlen(origin_url);
+        *url = apr_pstrmemdup(r->pool, origin_url, url_len);
+        memcpy(uds_url, *url, url_len + 1);
+
+        ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
+                "*: rewrite of url due to UDS(%s): %s (%s)",
+                uds_path, *url, r->filename);
     }
+    return 1;
 }
 
 PROXY_DECLARE(int) ap_proxy_pre_request(proxy_worker **worker,
@@ -2319,7 +2328,9 @@ PROXY_DECLARE(int) ap_proxy_pre_request(proxy_worker **worker,
                           "%s: found worker %s for %s",
                           (*worker)->s->scheme, (*worker)->s->name, *url);
             *balancer = NULL;
-            fix_uds_filename(r, url);
+            if (!fix_uds_filename(r, url)) {
+                return HTTP_INTERNAL_SERVER_ERROR;
+            }
             access_status = OK;
         }
         else if (r->proxyreq == PROXYREQ_PROXY) {
@@ -2350,7 +2361,9 @@ PROXY_DECLARE(int) ap_proxy_pre_request(proxy_worker **worker,
                  * regarding the Connection header in the request.
                  */
                 apr_table_setn(r->subprocess_env, "proxy-nokeepalive", "1");
-                fix_uds_filename(r, url);
+                if (!fix_uds_filename(r, url)) {
+                    return HTTP_INTERNAL_SERVER_ERROR;
+                }
             }
         }
     }