Description: mod_proxy: Don't prevent forwarding URIs w/ no hostname.
                (fix for r1895955 already in 2.4.x)
 .
 Part not applied:
 #--- a/modules/proxy/mod_proxy.h
 #+++ b/modules/proxy/mod_proxy.h
 #@@ -323,6 +323,8 @@
 # #define PROXY_WORKER_HC_FAIL_FLAG        'C'
 # #define PROXY_WORKER_HOT_SPARE_FLAG      'R'
 # 
 #+#define AP_PROXY_WORKER_NO_UDS      (1u << 3)
 #+
 # #define PROXY_WORKER_NOT_USABLE_BITMAP ( PROXY_WORKER_IN_SHUTDOWN | \
 # PROXY_WORKER_DISABLED | PROXY_WORKER_STOPPED | PROXY_WORKER_IN_ERROR | \
 # PROXY_WORKER_HC_FAIL )
 #--- a/modules/proxy/proxy_util.c
 #+++ b/modules/proxy/proxy_util.c
 #@@ -1661,9 +1661,11 @@
 #         return NULL;
 #     }
 # 
 #-    url = ap_proxy_de_socketfy(p, url);
 #-    if (!url) {
 #-        return NULL;
 #+    if (!(mask & AP_PROXY_WORKER_NO_UDS)) {
 #+        url = ap_proxy_de_socketfy(p, url);
 #+        if (!url) {
 #+            return NULL;
 #+        }
 #     }
 # 
 #     c = ap_strchr_c(url, ':');
Author: Stefan Eissing <icing@apache.org>
Origin: upstream, https://github.com/apache/httpd/commit/a0521d289
Bug: https://security-tracker.debian.org/tracker/CVE-2021-44224
Forwarded: not-needed
Reviewed-By: Yadd <yadd@debian.org>
Last-Update: 2021-12-21

--- a/modules/proxy/mod_proxy.c
+++ b/modules/proxy/mod_proxy.c
@@ -576,9 +576,10 @@
 
     /* Ick... msvc (perhaps others) promotes ternary short results to int */
 
-    if (conf->req && r->parsed_uri.scheme && r->parsed_uri.hostname) {
+    if (conf->req && r->parsed_uri.scheme) {
         /* but it might be something vhosted */
-        if (strcasecmp(r->parsed_uri.scheme, ap_http_scheme(r)) != 0
+        if (!r->parsed_uri.hostname
+            || strcasecmp(r->parsed_uri.scheme, ap_http_scheme(r)) != 0
             || !ap_matches_request_vhost(r, r->parsed_uri.hostname,
                                          (apr_port_t)(r->parsed_uri.port_str
                                                       ? r->parsed_uri.port
--- a/modules/proxy/proxy_util.c
+++ b/modules/proxy/proxy_util.c
@@ -2128,22 +2128,21 @@
 
     access_status = proxy_run_pre_request(worker, balancer, r, conf, url);
     if (access_status == DECLINED && *balancer == NULL) {
+        const int forward = (r->proxyreq == PROXYREQ_PROXY);
         *worker = ap_proxy_get_worker(r->pool, NULL, conf, *url);
         if (*worker) {
             ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
                           "%s: found worker %s for %s",
                           (*worker)->s->scheme, (*worker)->s->name, *url);
-            *balancer = NULL;
-            if (!fix_uds_filename(r, url)) {
+            if (!forward && !fix_uds_filename(r, url)) {
                 return HTTP_INTERNAL_SERVER_ERROR;
             }
             access_status = OK;
         }
-        else if (r->proxyreq == PROXYREQ_PROXY) {
+        else if (forward) {
             if (conf->forward) {
                 ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
                               "*: found forward proxy worker for %s", *url);
-                *balancer = NULL;
                 *worker = conf->forward;
                 access_status = OK;
                 /*
@@ -2157,8 +2156,8 @@
         else if (r->proxyreq == PROXYREQ_REVERSE) {
             if (conf->reverse) {
                 ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
-                              "*: using default reverse proxy worker for %s (no keepalive)", *url);
-                *balancer = NULL;
+                              "*: using default reverse proxy worker for %s "
+                              "(no keepalive)", *url);
                 *worker = conf->reverse;
                 access_status = OK;
                 /*