File apache2-CVE-2024-38473-1.patch of Package apache2.35278

From b10cb2d69184843832d501a615abe3e8e5e256dc Mon Sep 17 00:00:00 2001
From: Eric Covener <covener@apache.org>
Date: Mon, 24 Jun 2024 17:52:31 +0000
Subject: [PATCH] Merge r1918550 from trunk:

mod_proxy: escape for non-proxypass configuration



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1918559 13f79535-47bb-0310-9956-ffa450edef68
---
 modules/proxy/mod_proxy.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c
index c9cef7c44f5..17e39c95b8f 100644
--- a/modules/proxy/mod_proxy.c
+++ b/modules/proxy/mod_proxy.c
@@ -1314,15 +1314,18 @@ static int proxy_handler(request_rec *r)
     }
 
     if (!r->proxyreq) {
+        rc = DECLINED;
         /* We may have forced the proxy handler via config or .htaccess */
         if (r->handler &&
             strncmp(r->handler, "proxy:", 6) == 0 &&
             strncmp(r->filename, "proxy:", 6) != 0) {
             r->proxyreq = PROXYREQ_REVERSE;
             r->filename = apr_pstrcat(r->pool, r->handler, r->filename, NULL);
+            /* Still need to fixup/canonicalize r->filename */
+            rc = proxy_fixup(r);
         }
-        else {
-            return DECLINED;
+        if (rc != OK) {
+            return rc;
         }
     } else if (strncmp(r->filename, "proxy:", 6) != 0) {
         return DECLINED;
openSUSE Build Service is sponsored by