1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
|
Description: mod_proxy: Don't prevent forwarding URIs w/ no hostname.
(fix for r1895955 already in 2.4.x)
.
Part not applied:
#--- a/modules/proxy/mod_proxy.h
#+++ b/modules/proxy/mod_proxy.h
#@@ -323,6 +323,8 @@
# #define PROXY_WORKER_HC_FAIL_FLAG 'C'
# #define PROXY_WORKER_HOT_SPARE_FLAG 'R'
#
#+#define AP_PROXY_WORKER_NO_UDS (1u << 3)
#+
# #define PROXY_WORKER_NOT_USABLE_BITMAP ( PROXY_WORKER_IN_SHUTDOWN | \
# PROXY_WORKER_DISABLED | PROXY_WORKER_STOPPED | PROXY_WORKER_IN_ERROR | \
# PROXY_WORKER_HC_FAIL )
#--- a/modules/proxy/proxy_util.c
#+++ b/modules/proxy/proxy_util.c
#@@ -1661,9 +1661,11 @@
# return NULL;
# }
#
#- url = ap_proxy_de_socketfy(p, url);
#- if (!url) {
#- return NULL;
#+ if (!(mask & AP_PROXY_WORKER_NO_UDS)) {
#+ url = ap_proxy_de_socketfy(p, url);
#+ if (!url) {
#+ return NULL;
#+ }
# }
#
# c = ap_strchr_c(url, ':');
Author: Stefan Eissing <icing@apache.org>
Origin: upstream, https://github.com/apache/httpd/commit/a0521d289
Bug: https://security-tracker.debian.org/tracker/CVE-2021-44224
Forwarded: not-needed
Reviewed-By: Yadd <yadd@debian.org>
Last-Update: 2021-12-21
--- a/modules/proxy/mod_proxy.c
+++ b/modules/proxy/mod_proxy.c
@@ -576,9 +576,10 @@
/* Ick... msvc (perhaps others) promotes ternary short results to int */
- if (conf->req && r->parsed_uri.scheme && r->parsed_uri.hostname) {
+ if (conf->req && r->parsed_uri.scheme) {
/* but it might be something vhosted */
- if (strcasecmp(r->parsed_uri.scheme, ap_http_scheme(r)) != 0
+ if (!r->parsed_uri.hostname
+ || strcasecmp(r->parsed_uri.scheme, ap_http_scheme(r)) != 0
|| !ap_matches_request_vhost(r, r->parsed_uri.hostname,
(apr_port_t)(r->parsed_uri.port_str
? r->parsed_uri.port
--- a/modules/proxy/proxy_util.c
+++ b/modules/proxy/proxy_util.c
@@ -2128,22 +2128,21 @@
access_status = proxy_run_pre_request(worker, balancer, r, conf, url);
if (access_status == DECLINED && *balancer == NULL) {
+ const int forward = (r->proxyreq == PROXYREQ_PROXY);
*worker = ap_proxy_get_worker(r->pool, NULL, conf, *url);
if (*worker) {
ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
"%s: found worker %s for %s",
(*worker)->s->scheme, (*worker)->s->name, *url);
- *balancer = NULL;
- if (!fix_uds_filename(r, url)) {
+ if (!forward && !fix_uds_filename(r, url)) {
return HTTP_INTERNAL_SERVER_ERROR;
}
access_status = OK;
}
- else if (r->proxyreq == PROXYREQ_PROXY) {
+ else if (forward) {
if (conf->forward) {
ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
"*: found forward proxy worker for %s", *url);
- *balancer = NULL;
*worker = conf->forward;
access_status = OK;
/*
@@ -2157,8 +2156,8 @@
else if (r->proxyreq == PROXYREQ_REVERSE) {
if (conf->reverse) {
ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
- "*: using default reverse proxy worker for %s (no keepalive)", *url);
- *balancer = NULL;
+ "*: using default reverse proxy worker for %s "
+ "(no keepalive)", *url);
*worker = conf->reverse;
access_status = OK;
/*
|
