From: Yann Ylavic <ylavic@apache.org>
Date: Wed, 24 Jun 2020 12:11:08 +0000 (+0000)
Subject: Follow up to r1879079: fail early if URI path resolves above root.
X-Git-Tag: 2.5.0-alpha2-ci-test-only~1336
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=eb24229d58bbb90ed6d19f4e5fc77011b4a7198d;p=thirdparty%2Fapache%2Fhttpd.git

Follow up to r1879079: fail early if URI path resolves above root.

Don't let it through as "/".


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1879147 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/server/request.c b/server/request.c
index 4ba347ae40c..4d1f4cb11c5 100644
--- a/server/request.c
+++ b/server/request.c
@@ -192,15 +192,16 @@ AP_DECLARE(int) ap_process_request_internal(request_rec *r)
     int file_req = (r->main && r->filename);
     core_server_config *sconf =
         ap_get_core_module_config(r->server->module_config);
-    unsigned int normalize_flags = 0;
+    unsigned int normalize_flags;
 
+    normalize_flags = AP_NORMALIZE_NOT_ABOVE_ROOT;
+    if (sconf->merge_slashes != AP_CORE_CONFIG_OFF) { 
+        normalize_flags |= AP_NORMALIZE_MERGE_SLASHES;
+    }
     if (file_req) {
         /* File subrequests can have a relative path. */
         normalize_flags |= AP_NORMALIZE_ALLOW_RELATIVE;
     }
-    if (sconf->merge_slashes != AP_CORE_CONFIG_OFF) { 
-        normalize_flags |= AP_NORMALIZE_MERGE_SLASHES;
-    }
 
     if (r->parsed_uri.path) {
         /* Normalize: remove /./ and shrink /../ segments, plus