From: Eric Covener <covener@apache.org>
Date: Tue, 25 Jun 2024 17:29:06 +0000 (+0000)
Subject: validate hostname
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f87e8c5c668c755b4f2af865e1c33d98bee4b654;p=thirdparty%2Fapache%2Fhttpd.git

validate hostname


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1918606 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c
index 5dbc8b05a99..46cc4e2068d 100644
--- a/modules/proxy/proxy_util.c
+++ b/modules/proxy/proxy_util.c
@@ -3108,6 +3108,13 @@ ap_proxy_determine_connection(apr_pool_t *p, request_rec *r,
                              apr_pstrcat(p,"URI cannot be parsed: ", *url,
                                          NULL));
     }
+
+    if (!uri->hostname) {
+        return ap_proxyerror(r, HTTP_BAD_REQUEST,
+                             apr_pstrcat(p,"URI has no hostname: ", *url,
+                                         NULL));
+    }
+
     if (!uri->port) {
         uri->port = ap_proxy_port_of_scheme(uri->scheme);
     }
@@ -4530,6 +4537,10 @@ PROXY_DECLARE(int) ap_proxy_create_hdrbrgd(apr_pool_t *p,
 
     /* Compute Host header */
     if (dconf->preserve_host == 0) {
+        if (!uri->hostname) {
+            rc = HTTP_BAD_REQUEST;
+            goto cleanup;
+        }
         if (ap_strchr_c(uri->hostname, ':')) { /* if literal IPv6 address */
             if (uri->port_str && uri->port != DEFAULT_HTTP_PORT) {
                 host = apr_pstrcat(r->pool, "[", uri->hostname, "]:",