From: Yann Ylavic <ylavic@apache.org>
Date: Mon, 22 Jun 2020 10:35:50 +0000 (+0000)
Subject: Validate request-target per RFC 7230 section 5.3.
X-Git-Tag: 2.5.0-alpha2-ci-test-only~1358
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dc55d74fe008b846bf351c454f88d50b85c81dfa;p=thirdparty%2Fapache%2Fhttpd.git

Validate request-target per RFC 7230 section 5.3.

RFC 7230 requires that the request-line URI be absolute, besides
"CONNECT authority-form" and "OPTIONS asterisk-form".

Enforce it in ap_parse_request_line().



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1879078 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/server/protocol.c b/server/protocol.c
index fcfe9ac195e..7b2449650f4 100644
--- a/server/protocol.c
+++ b/server/protocol.c
@@ -640,8 +640,15 @@ AP_CORE_DECLARE(void) ap_parse_uri(request_rec *r, const char *uri)
         }
 
         r->args = r->parsed_uri.query;
-        r->uri = r->parsed_uri.path ? r->parsed_uri.path
-                 : apr_pstrdup(r->pool, "/");
+        if (r->parsed_uri.path) {
+            r->uri = r->parsed_uri.path;
+        }
+        else if (r->method_number == M_OPTIONS) {
+            r->uri = apr_pstrdup(r->pool, "*");
+        }
+        else {
+            r->uri = apr_pstrdup(r->pool, "/");
+        }
 
 #if defined(OS2) || defined(WIN32)
         /* Handle path translations for OS/2 and plug security hole.
@@ -905,6 +912,14 @@ rrl_done:
         r->header_only = 1;
 
     ap_parse_uri(r, uri);
+    if (r->status == HTTP_OK
+            && (r->parsed_uri.path != NULL)
+            && (r->parsed_uri.path[0] != '/')
+            && (r->method_number != M_OPTIONS
+                || strcmp(r->parsed_uri.path, "*") != 0)) {
+        /* Invalid request-target per RFC 7230 section 5.3 */
+        r->status = HTTP_BAD_REQUEST;
+    }
 
     /* With the request understood, we can consider HTTP/0.9 specific errors */
     if (r->proto_num == HTTP_VERSION(0, 9) && deferred_error == rrl_none) {