File apache2-CVE-2019-0220.patch of Package apache2.11277

Index: httpd-2.4.33/server/core.c
===================================================================
--- httpd-2.4.33.orig/server/core.c	2019-04-02 16:19:19.749373816 +0200
+++ httpd-2.4.33/server/core.c	2019-04-02 16:20:17.197652884 +0200
@@ -490,6 +490,7 @@ static void *create_core_server_config(a
 
     conf->protocols = apr_array_make(a, 5, sizeof(const char *));
     conf->protocols_honor_order = -1;
+    conf->merge_slashes = AP_CORE_CONFIG_UNSET;
     
     return (void *)conf;
 }
@@ -561,6 +562,7 @@ static void *merge_core_server_configs(a
     conf->protocols_honor_order = ((virt->protocols_honor_order < 0)?
                                        base->protocols_honor_order :
                                        virt->protocols_honor_order);
+    AP_CORE_MERGE_FLAG(merge_slashes, conf, base, virt);
     
     return conf;
 }
@@ -1869,6 +1871,13 @@ static const char *set_qualify_redirect_
     return NULL;
 }
 
+static const char *set_core_server_flag(cmd_parms *cmd, void *s_, int flag)
+{
+    core_server_config *conf =
+        ap_get_core_module_config(cmd->server->module_config);
+    return ap_set_flag_slot(cmd, conf, flag);
+}
+
 static const char *set_override_list(cmd_parms *cmd, void *d_, int argc, char *const argv[])
 {
     core_dir_config *d = d_;
@@ -4587,6 +4596,10 @@ AP_INIT_ITERATE("HttpProtocolOptions", s
                 "'Unsafe' or 'Strict' (default). Sets HTTP acceptance rules"),
 AP_INIT_ITERATE("RegisterHttpMethod", set_http_method, NULL, RSRC_CONF,
                 "Registers non-standard HTTP methods"),
+AP_INIT_FLAG("MergeSlashes", set_core_server_flag,
+             (void *)APR_OFFSETOF(core_server_config, merge_slashes),
+             RSRC_CONF,
+             "Controls whether consecutive slashes in the URI path are merged"),
 { NULL }
 };
 
Index: httpd-2.4.33/include/httpd.h
===================================================================
--- httpd-2.4.33.orig/include/httpd.h	2019-04-02 16:19:19.797374052 +0200
+++ httpd-2.4.33/include/httpd.h	2019-04-02 16:20:17.197652884 +0200
@@ -1697,12 +1697,22 @@ AP_DECLARE(int) ap_unescape_url_keep2f(c
 AP_DECLARE(int) ap_unescape_urlencoded(char *query);
 
 /**
- * Convert all double slashes to single slashes
- * @param name The string to convert
+ * Convert all double slashes to single slashes, except where significant
+ * to the filesystem on the current platform.
+ * @param name The string to convert, assumed to be a filesystem path
  */
 AP_DECLARE(void) ap_no2slash(char *name);
 
 /**
+ * Convert all double slashes to single slashes, except where significant
+ * to the filesystem on the current platform.
+ * @param name The string to convert
+ * @param is_fs_path if set to 0, the significance of any double-slashes is
+ *        ignored.
+ */
+AP_DECLARE(void) ap_no2slash_ex(char *name, int is_fs_path);
+
+/**
  * Remove all ./ and xx/../ substrings from a file name. Also remove
  * any leading ../ or /../ substrings.
  * @param name the file name to parse
Index: httpd-2.4.33/include/http_core.h
===================================================================
--- httpd-2.4.33.orig/include/http_core.h	2019-04-02 16:19:19.753373836 +0200
+++ httpd-2.4.33/include/http_core.h	2019-04-02 16:19:19.869374404 +0200
@@ -750,7 +750,7 @@ typedef struct {
 #define AP_HTTP_METHODS_LENIENT       1
 #define AP_HTTP_METHODS_REGISTERED    2
     char http_methods;
-
+    unsigned int merge_slashes;
 } core_server_config;
 
 /* for AddOutputFiltersByType in core.c */
Index: httpd-2.4.33/server/util.c
===================================================================
--- httpd-2.4.33.orig/server/util.c	2017-10-10 13:25:14.000000000 +0200
+++ httpd-2.4.33/server/util.c	2019-04-02 16:20:00.277570868 +0200
@@ -561,16 +561,20 @@ AP_DECLARE(void) ap_getparents(char *nam
         name[l] = '\0';
     }
 }
-
-AP_DECLARE(void) ap_no2slash(char *name)
+AP_DECLARE(void) ap_no2slash_ex(char *name, int is_fs_path)
 {
+
     char *d, *s;
 
+    if (!name || !*name) {
+        return;
+    }
+
     s = d = name;
 
 #ifdef HAVE_UNC_PATHS
     /* Check for UNC names.  Leave leading two slashes. */
-    if (s[0] == '/' && s[1] == '/')
+    if (is_fs_path && s[0] == '/' && s[1] == '/')
         *d++ = *s++;
 #endif
 
@@ -587,6 +591,10 @@ AP_DECLARE(void) ap_no2slash(char *name)
     *d = '\0';
 }
 
+AP_DECLARE(void) ap_no2slash(char *name)
+{
+    ap_no2slash_ex(name, 1);
+}
 
 /*
  * copy at most n leading directories of s into d
Index: httpd-2.4.33/server/request.c
===================================================================
--- httpd-2.4.33.orig/server/request.c	2019-04-02 16:19:19.617373171 +0200
+++ httpd-2.4.33/server/request.c	2019-04-02 16:20:17.197652884 +0200
@@ -170,6 +170,8 @@ AP_DECLARE(int) ap_process_request_inter
     int file_req = (r->main && r->filename);
     int access_status;
     core_dir_config *d;
+    core_server_config *sconf =
+        ap_get_core_module_config(r->server->module_config);
 
     /* Ignore embedded %2F's in path for proxy requests */
     if (!r->proxyreq && r->parsed_uri.path) {
@@ -194,6 +196,12 @@ AP_DECLARE(int) ap_process_request_inter
     }
 
     ap_getparents(r->uri);     /* OK --- shrinking transformations... */
+    if (sconf->merge_slashes != AP_CORE_CONFIG_OFF) {
+        ap_no2slash(r->uri);
+        if (r->parsed_uri.path) {
+            ap_no2slash(r->parsed_uri.path);
+        }
+     }
 
     /* All file subrequests are a huge pain... they cannot bubble through the
      * next several steps.  Only file subrequests are allowed an empty uri,
@@ -1414,20 +1422,7 @@ AP_DECLARE(int) ap_location_walk(request
 
     cache = prep_walk_cache(AP_NOTE_LOCATION_WALK, r);
     cached = (cache->cached != NULL);
-
-    /* Location and LocationMatch differ on their behaviour w.r.t. multiple
-     * slashes.  Location matches multiple slashes with a single slash,
-     * LocationMatch doesn't.  An exception, for backwards brokenness is
-     * absoluteURIs... in which case neither match multiple slashes.
-     */
-    if (r->uri[0] != '/') {
-        entry_uri = r->uri;
-    }
-    else {
-        char *uri = apr_pstrdup(r->pool, r->uri);
-        ap_no2slash(uri);
-        entry_uri = uri;
-    }
+    entry_uri = r->uri;
 
     /* If we have an cache->cached location that matches r->uri,
      * and the vhost's list of locations hasn't changed, we can skip
@@ -1494,7 +1489,7 @@ AP_DECLARE(int) ap_location_walk(request
                     pmatch = apr_palloc(rxpool, nmatch*sizeof(ap_regmatch_t));
                 }
 
-                if (ap_regexec(entry_core->r, r->uri, nmatch, pmatch, 0)) {
+                if (ap_regexec(entry_core->r, entry_uri, nmatch, pmatch, 0)) {
                     continue;
                 }
 
@@ -1504,7 +1499,7 @@ AP_DECLARE(int) ap_location_walk(request
                         apr_table_setn(r->subprocess_env,
                                        ((const char **)entry_core->refs->elts)[i],
                                        apr_pstrndup(r->pool,
-                                       r->uri + pmatch[i].rm_so,
+                                       entry_uri + pmatch[i].rm_so,
                                        pmatch[i].rm_eo - pmatch[i].rm_so));
                     }
                 }