File apache2-CVE-2021-30641.patch of Package apache2.27541
Index: httpd-2.4.43/server/request.c
===================================================================
--- httpd-2.4.43.orig/server/request.c 2021-06-11 14:39:38.905880286 +0200
+++ httpd-2.4.43/server/request.c 2021-06-11 14:39:38.993880785 +0200
@@ -1422,7 +1422,20 @@ AP_DECLARE(int) ap_location_walk(request
cache = prep_walk_cache(AP_NOTE_LOCATION_WALK, r);
cached = (cache->cached != NULL);
- entry_uri = r->uri;
+
+ /*
+ * When merge_slashes is set to AP_CORE_CONFIG_OFF the slashes in r->uri
+ * have not been merged. But for Location walks we always go with merged
+ * slashes no matter what merge_slashes is set to.
+ */
+ if (sconf->merge_slashes != AP_CORE_CONFIG_OFF) {
+ entry_uri = r->uri;
+ }
+ else {
+ char *uri = apr_pstrdup(r->pool, r->uri);
+ ap_no2slash(uri);
+ entry_uri = uri;
+ }
/* If we have an cache->cached location that matches r->uri,
* and the vhost's list of locations hasn't changed, we can skip
@@ -1489,7 +1502,7 @@ AP_DECLARE(int) ap_location_walk(request
pmatch = apr_palloc(rxpool, nmatch*sizeof(ap_regmatch_t));
}
- if (ap_regexec(entry_core->r, entry_uri, nmatch, pmatch, 0)) {
+ if (ap_regexec(entry_core->r, r->uri, nmatch, pmatch, 0)) {
continue;
}
@@ -1499,7 +1512,7 @@ AP_DECLARE(int) ap_location_walk(request
apr_table_setn(r->subprocess_env,
((const char **)entry_core->refs->elts)[i],
apr_pstrndup(r->pool,
- entry_uri + pmatch[i].rm_so,
+ r->uri + pmatch[i].rm_so,
pmatch[i].rm_eo - pmatch[i].rm_so));
}
}