author | Lars Wendler <polynomial-c@gentoo.org> | 2013-11-09 22:24:58 +0100 |
---|---|---|
committer | Lars Wendler <polynomial-c@gentoo.org> | 2013-11-09 22:24:58 +0100 |
commit | 7a337a2e295cd0daedf297fefa134a7d8a8ee3ea (patch) | |
tree | 15518497cd1692258212a5ff7c989e3e7e3426ad /2.4/patches/25_all-apply_to_2.2.21-CVE-2011-3368.patch | |
parent | Fix runtimedir as well. (diff) | |
Added files for apache-2.4
Diffstat (limited to '2.4/patches/25_all-apply_to_2.2.21-CVE-2011-3368.patch')
-rw-r--r-- | 2.4/patches/25_all-apply_to_2.2.21-CVE-2011-3368.patch | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/2.4/patches/25_all-apply_to_2.2.21-CVE-2011-3368.patch b/2.4/patches/25_all-apply_to_2.2.21-CVE-2011-3368.patch
new file mode 100644
index 0000000..e8125d9
--- /dev/null
+++ b/2.4/patches/25_all-apply_to_2.2.21-CVE-2011-3368.patch
@@ -0,0 +1,34 @@
+
+SECURITY (CVE-2011-3368): Prevent unintended pattern expansion in some
+reverse proxy configurations by strictly validating the request-URI.
+
+http://svn.apache.org/viewvc?rev=1179239&view=rev
+
+--- httpd-2.2.21/server/protocol.c
++++ httpd-2.2.21/server/protocol.c
+@@ -640,6 +640,25 @@
+
+ ap_parse_uri(r, uri);
+
++ /* RFC 2616:
++ * Request-URI = "*" | absoluteURI | abs_path | authority
++ *
++ * authority is a special case for CONNECT. If the request is not
++ * using CONNECT, and the parsed URI does not have scheme, and
++ * it does not begin with '/', and it is not '*', then, fail
++ * and give a 400 response. */
++ if (r->method_number != M_CONNECT
++ && !r->parsed_uri.scheme
++ && uri[0] != '/'
++ && !(uri[0] == '*' && uri[1] == '\0')) {
++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
++ "invalid request-URI %s", uri);
++ r->args = NULL;
++ r->hostname = NULL;
++ r->status = HTTP_BAD_REQUEST;
++ r->uri = apr_pstrdup(r->pool, uri);
++ }
++
+ if (ll[0]) {
+ r->assbackwards = 0;
+ pro = ll;
|
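Review bot: The guard added after `ap_parse_uri(r, uri);` rejects only a request-URI that has no parsed scheme (`!r->parsed_uri.scheme`), so any URI the parser accepts with a scheme passes this check unexamined; the reverse-proxy configurations named in the description should not treat it as complete validation of the request target. The block also sets `r->status = HTTP_BAD_REQUEST` without returning, and the enclosing function starts and ends outside the hunk, so the 400 presumably depends on a later `r->status` test that is not visible here; a comment such as `/* flags the request only; the caller must test r->status before dispatch */` would make that dependency explicit. Separately, the file is named `apply_to_2.2.21` and patches `httpd-2.2.21/server/protocol.c` while being added under `2.4/patches`, so it is worth confirming that it applies cleanly to the 2.4 sources and is not already present upstream, since a security patch that silently fails to apply or is redundant gives a false sense of coverage.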