authorLars Wendler <polynomial-c@gentoo.org>2013-11-09 22:24:58 +0100
committerLars Wendler <polynomial-c@gentoo.org>2013-11-09 22:24:58 +0100
commit7a337a2e295cd0daedf297fefa134a7d8a8ee3ea (patch)
tree15518497cd1692258212a5ff7c989e3e7e3426ad /2.4/patches/25_all-apply_to_2.2.21-CVE-2011-3368.patch
parentFix runtimedir as well. (diff)
Added files for apache-2.4
Diffstat (limited to '2.4/patches/25_all-apply_to_2.2.21-CVE-2011-3368.patch')
-rw-r--r--2.4/patches/25_all-apply_to_2.2.21-CVE-2011-3368.patch34
1 files changed, 34 insertions, 0 deletions
diff --git a/2.4/patches/25_all-apply_to_2.2.21-CVE-2011-3368.patch b/2.4/patches/25_all-apply_to_2.2.21-CVE-2011-3368.patch
new file mode 100644
index 0000000..e8125d9
--- /dev/null
+++ b/2.4/patches/25_all-apply_to_2.2.21-CVE-2011-3368.patch
@@ -0,0 +1,34 @@
+
+SECURITY (CVE-2011-3368): Prevent unintended pattern expansion in some
+reverse proxy configurations by strictly validating the request-URI.
+
+http://svn.apache.org/viewvc?rev=1179239&view=rev
+
+--- httpd-2.2.21/server/protocol.c
++++ httpd-2.2.21/server/protocol.c
+@@ -640,6 +640,25 @@
+
+ ap_parse_uri(r, uri);
+
++ /* RFC 2616:
++ * Request-URI = "*" | absoluteURI | abs_path | authority
++ *
++ * authority is a special case for CONNECT. If the request is not
++ * using CONNECT, and the parsed URI does not have scheme, and
++ * it does not begin with '/', and it is not '*', then, fail
++ * and give a 400 response. */
++ if (r->method_number != M_CONNECT
++ && !r->parsed_uri.scheme
++ && uri[0] != '/'
++ && !(uri[0] == '*' && uri[1] == '\0')) {
++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
++ "invalid request-URI %s", uri);
++ r->args = NULL;
++ r->hostname = NULL;
++ r->status = HTTP_BAD_REQUEST;
++ r->uri = apr_pstrdup(r->pool, uri);
++ }
++
+ if (ll[0]) {
+ r->assbackwards = 0;
+ pro = ll;
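Review bot: The added patch targets httpd-2.2.21 (`--- httpd-2.2.21/server/protocol.c`, hunk at `@@ -640,6 +640,25 @@`) yet is being added under 2.4/patches, so it is unlikely to apply unchanged to a 2.4 source tree and, given that the page itself cites upstream r1179239 as the origin of the fix, 2.4 presumably already carries this change — worth confirming against the 2.4 protocol.c before wiring the file into the patch set, or dropping it if redundant. If it is kept, a one-line header in the patch such as `# Backport of r1179239; verify hunk offset against the 2.4 read_request_line` would tell the next maintainer why a 2.2.21-targeted file lives here. Note also that the new check relies entirely on `ap_parse_uri` having set `r->parsed_uri.scheme` to accept absolute URIs, so its strength depends on that parser; upstream later tightened this validation further, and whether that follow-up is present in this patch set should be checked as well. The enclosing function begins and ends outside the hunk.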