Projects
Eulaceura:Factory
httpd
_service:obs_scm:backport-CVE-2024-38473-mod_pr...
Sign Up
Log In
Username
Password
Sorry, you are not authorized to perform this action.
×
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:obs_scm:backport-CVE-2024-38473-mod_proxy-escape-for-non-proxypass-configuration.patch of Package httpd
From b10cb2d69184843832d501a615abe3e8e5e256dc Mon Sep 17 00:00:00 2001 From: Eric Covener <covener@apache.org> Date: Mon, 24 Jun 2024 17:52:31 +0000 Subject: [PATCH] Merge r1918550 from trunk: mod_proxy: escape for non-proxypass configuration git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1918559 13f79535-47bb-0310-9956-ffa450edef68 Conflict:NA Reference:https://github.com/apache/httpd/commit/b10cb2d69184843832d501a615abe3e8e5e256dc --- modules/proxy/mod_proxy.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c index 537c3c2..34c1ceb 100644 --- a/modules/proxy/mod_proxy.c +++ b/modules/proxy/mod_proxy.c @@ -1296,15 +1296,18 @@ static int proxy_handler(request_rec *r) } if (!r->proxyreq) { + rc = DECLINED; /* We may have forced the proxy handler via config or .htaccess */ if (r->handler && strncmp(r->handler, "proxy:", 6) == 0 && strncmp(r->filename, "proxy:", 6) != 0) { r->proxyreq = PROXYREQ_REVERSE; r->filename = apr_pstrcat(r->pool, r->handler, r->filename, NULL); + /* Still need to fixup/canonicalize r->filename */ + rc = proxy_fixup(r); } - else { - return DECLINED; + if (rc != OK) { + return rc; } } else if (strncmp(r->filename, "proxy:", 6) != 0) { return DECLINED; -- 2.33.0
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2