From: Yann Ylavic Date: Tue, 16 Aug 2016 23:25:44 +0000 (+0000) Subject: Merge r1753592 from trunk: X-Git-Tag: 2.4.24~317 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d5852c54eb1eae12532949606d8f1cc7359bac51;p=thirdparty%2Fapache%2Fhttpd.git Merge r1753592 from trunk: * Do not overwrite r->status with access_status if access_status is OK or DONE as in this case r->status might contain the true response code. PR: 59869 Submitted by: rpluem Reviewed by: rpluem, jim, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1756562 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index e31f69186ee..ed50f1571f2 100644 --- a/CHANGES +++ b/CHANGES @@ -5,6 +5,9 @@ Changes with Apache 2.4.24 *) core: CVE-2016-5387: Mitigate [f]cgi "httpoxy" issues. [Dominic Scheirlinck , Yann Ylavic] + *) mod_proxy: Correctly consider error response codes by the backend when + processing failonstatus. PR 59869 [Ruediger Pluem] + *) mod_dav: Add dav_get_provider_name() function to obtain the name of the provider from mod_dav. [Graham Leggett] diff --git a/STATUS b/STATUS index aef4d01b330..9958a4f5923 100644 --- a/STATUS +++ b/STATUS @@ -117,14 +117,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - *) mod_proxy: Correctly consider error response codes by the backend when - processing failonstatus. PR 59869 - Trunk version of patch: - http://svn.apache.org/r1753592 - Backport version for 2.4.x of patch: - Trunk version of patch works (modulo CHANGES) - +1: rpluem, jim, ylavic - *) mod_proxy_balancer: Prevent redirect loops between workers within a balancer by limiting the number of redirects to the number balancer members. PR 59864 diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c index cdcda4f32c4..1ab17da1c95 100644 --- a/modules/proxy/mod_proxy.c +++ b/modules/proxy/mod_proxy.c @@ -1255,16 +1255,24 @@ cleanup: * the error page on the proxy or if the error was not generated by the * backend itself but by the proxy e.g. a bad gateway) in order to give * ap_proxy_post_request a chance to act correctly on the status code. + * But only do the above if access_status is not OK and not DONE, because + * in this case r->status might contain the true status and overwriting + * it with OK or DONE would be wrong. */ - saved_status = r->status; - r->status = access_status; - ap_proxy_post_request(worker, balancer, r, conf); - /* - * Only restore r->status if it has not been changed by - * ap_proxy_post_request as we assume that this change was intentional. - */ - if (r->status == access_status) { - r->status = saved_status; + if ((access_status != OK) && (access_status != DONE)) { + saved_status = r->status; + r->status = access_status; + ap_proxy_post_request(worker, balancer, r, conf); + /* + * Only restore r->status if it has not been changed by + * ap_proxy_post_request as we assume that this change was intentional. + */ + if (r->status == access_status) { + r->status = saved_status; + } + } + else { + ap_proxy_post_request(worker, balancer, r, conf); } proxy_run_request_status(&access_status, r);