File apache2-CVE-2024-38473-1.patch of Package apache2.35278
From b10cb2d69184843832d501a615abe3e8e5e256dc Mon Sep 17 00:00:00 2001
From: Eric Covener <covener@apache.org>
Date: Mon, 24 Jun 2024 17:52:31 +0000
Subject: [PATCH] Merge r1918550 from trunk:
mod_proxy: escape for non-proxypass configuration
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1918559 13f79535-47bb-0310-9956-ffa450edef68
---
modules/proxy/mod_proxy.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c
index c9cef7c44f5..17e39c95b8f 100644
--- a/modules/proxy/mod_proxy.c
+++ b/modules/proxy/mod_proxy.c
@@ -1314,15 +1314,18 @@ static int proxy_handler(request_rec *r)
}
if (!r->proxyreq) {
+ rc = DECLINED;
/* We may have forced the proxy handler via config or .htaccess */
if (r->handler &&
strncmp(r->handler, "proxy:", 6) == 0 &&
strncmp(r->filename, "proxy:", 6) != 0) {
r->proxyreq = PROXYREQ_REVERSE;
r->filename = apr_pstrcat(r->pool, r->handler, r->filename, NULL);
+ /* Still need to fixup/canonicalize r->filename */
+ rc = proxy_fixup(r);
}
- else {
- return DECLINED;
+ if (rc != OK) {
+ return rc;
}
} else if (strncmp(r->filename, "proxy:", 6) != 0) {
return DECLINED;