File apache2-CVE-2024-39573.patch of Package apache2.36335

Index: httpd-2.4.51/modules/mappers/mod_rewrite.c
===================================================================
--- httpd-2.4.51.orig/modules/mappers/mod_rewrite.c
+++ httpd-2.4.51/modules/mappers/mod_rewrite.c
@@ -4212,6 +4212,32 @@ static int apply_rewrite_rule(rewriterul
         return 2;
     }
 
+    /* Add the previously stripped per-directory location prefix, unless
+     * (1) it's an absolute URL path and
+     * (2) it's a full qualified URL
+     */
+    if (!is_proxyreq && *newuri != '/' && !is_absolute_uri(newuri, NULL)) {
+        if (ctx->perdir) {
+            rewritelog((r, 3, ctx->perdir, "add per-dir prefix: %s -> %s%s",
+                       newuri, ctx->perdir, newuri));
+
+            newuri = apr_pstrcat(r->pool, ctx->perdir, newuri, NULL);
+        }
+        else if (!(p->flags & (RULEFLAG_PROXY | RULEFLAG_FORCEREDIRECT))) {
+            /* Not an absolute URI-path and the scheme (if any) is unknown,
+             * and it won't be passed to fully_qualify_uri() below either,
+             * so add an implicit '/' prefix. This avoids potentially a common
+             * rule like "RewriteRule ^/some/path(.*) $1" that is given a path
+             * like "/some/pathscheme:..." to produce the fully qualified URL
+             * "scheme:..." which could be misinterpreted later.
+             */
+            rewritelog((r, 3, ctx->perdir, "add root prefix: %s -> /%s",
+                       newuri, newuri));
+
+            newuri = apr_pstrcat(r->pool, "/", newuri, NULL);
+        }
+    }
+
     /* Now adjust API's knowledge about r->filename and r->args */
     r->filename = newuri;
 
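Review bot: The header comment on the added block is carried over unchanged from the removed one and no longer matches the code beneath it. It names only the per-directory prefix and joins its two exceptions with "and", while the condition skips the prefix when either holds, also excludes proxy requests, and now guards the new root-prefix branch too. I would reword it to `/* Prefix a relative substitution result with the per-dir location, or with '/' when there is no per-dir context (unless [P] or [R] is set); skipped for proxy requests, absolute URL paths and fully qualified URLs. */`. Separately, the prefix is now applied to `newuri` before `r->filename` and `r->args` are adjusted, whereas the removed block ran after the call that takes `RULEFLAG_QSDISCARD`/`RULEFLAG_QSLAST`; if that call is the query-string split, it now also sees the per-dir prefix, so it is worth confirming the reordering is intended. `apply_rewrite_rule` starts and ends outside the hunk.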
@@ -4223,18 +4249,6 @@ static int apply_rewrite_rule(rewriterul
                           p->flags & RULEFLAG_QSDISCARD, 
                           p->flags & RULEFLAG_QSLAST);
 
-    /* Add the previously stripped per-directory location prefix, unless
-     * (1) it's an absolute URL path and
-     * (2) it's a full qualified URL
-     */
-    if (   ctx->perdir && !is_proxyreq && *r->filename != '/'
-        && !is_absolute_uri(r->filename, NULL)) {
-        rewritelog((r, 3, ctx->perdir, "add per-dir prefix: %s -> %s%s",
-                    r->filename, ctx->perdir, r->filename));
-
-        r->filename = apr_pstrcat(r->pool, ctx->perdir, r->filename, NULL);
-    }
-
     /* If this rule is forced for proxy throughput
      * (`RewriteRule ... ... [P]') then emulate mod_proxy's
      * URL-to-filename handler to be sure mod_proxy is triggered