File apache2-CVE-2021-30641.patch of Package apache2.27541

Index: httpd-2.4.43/server/request.c
===================================================================
--- httpd-2.4.43.orig/server/request.c	2021-06-11 14:39:38.905880286 +0200
+++ httpd-2.4.43/server/request.c	2021-06-11 14:39:38.993880785 +0200
@@ -1422,7 +1422,20 @@ AP_DECLARE(int) ap_location_walk(request
 
     cache = prep_walk_cache(AP_NOTE_LOCATION_WALK, r);
     cached = (cache->cached != NULL);
-    entry_uri = r->uri;
+
+   /*
+    * When merge_slashes is set to AP_CORE_CONFIG_OFF the slashes in r->uri
+    * have not been merged. But for Location walks we always go with merged
+    * slashes no matter what merge_slashes is set to.
+    */
+    if (sconf->merge_slashes != AP_CORE_CONFIG_OFF) {
+        entry_uri = r->uri;
+    }
+    else {
+        char *uri = apr_pstrdup(r->pool, r->uri);
+        ap_no2slash(uri);
+        entry_uri = uri;
+    }
 
     /* If we have an cache->cached location that matches r->uri,
      * and the vhost's list of locations hasn't changed, we can skip
@@ -1489,7 +1502,7 @@ AP_DECLARE(int) ap_location_walk(request
                     pmatch = apr_palloc(rxpool, nmatch*sizeof(ap_regmatch_t));
                 }
 
-                if (ap_regexec(entry_core->r, entry_uri, nmatch, pmatch, 0)) {
+                if (ap_regexec(entry_core->r, r->uri, nmatch, pmatch, 0)) {
                     continue;
                 }
 
@@ -1499,7 +1512,7 @@ AP_DECLARE(int) ap_location_walk(request
                         apr_table_setn(r->subprocess_env,
                                        ((const char **)entry_core->refs->elts)[i],
                                        apr_pstrndup(r->pool,
-                                       entry_uri + pmatch[i].rm_so,
+                                       r->uri + pmatch[i].rm_so,
                                        pmatch[i].rm_eo - pmatch[i].rm_so));
                     }
                 }
openSUSE Build Service is sponsored by