From eb24229d58bbb90ed6d19f4e5fc77011b4a7198d Mon Sep 17 00:00:00 2001
From: Yann Ylavic <ylavic@apache.org>
Date: Wed, 24 Jun 2020 12:11:08 +0000
Subject: [PATCH] Follow up to r1879079: fail early if URI path resolves above
 root.

Don't let it through as "/".


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1879147 13f79535-47bb-0310-9956-ffa450edef68
---
 server/request.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/server/request.c b/server/request.c
index 4ba347ae40c..4d1f4cb11c5 100644
--- a/server/request.c
+++ b/server/request.c
@@ -192,15 +192,16 @@ AP_DECLARE(int) ap_process_request_internal(request_rec *r)
     int file_req = (r->main && r->filename);
     core_server_config *sconf =
         ap_get_core_module_config(r->server->module_config);
-    unsigned int normalize_flags = 0;
+    unsigned int normalize_flags;
 
+    normalize_flags = AP_NORMALIZE_NOT_ABOVE_ROOT;
+    if (sconf->merge_slashes != AP_CORE_CONFIG_OFF) { 
+        normalize_flags |= AP_NORMALIZE_MERGE_SLASHES;
+    }
     if (file_req) {
         /* File subrequests can have a relative path. */
         normalize_flags |= AP_NORMALIZE_ALLOW_RELATIVE;
     }
-    if (sconf->merge_slashes != AP_CORE_CONFIG_OFF) { 
-        normalize_flags |= AP_NORMALIZE_MERGE_SLASHES;
-    }
 
     if (r->parsed_uri.path) {
         /* Normalize: remove /./ and shrink /../ segments, plus
-- 
2.47.3