Description: Fix for CVE-2019-10092
Author: Stefan Eissing
Origin: upstream, https://svn.apache.org/viewvc?view=revision&revision=1864191
Bug: https://security-tracker.debian.org/tracker/CVE-2019-10092
Forwarded: not-needed
Reviewed-By: Xavier Guimard
This resource is only accessible "
- "through the proxy\n",
- ap_escape_html(r->pool, location),
- "
\nYou will need to configure "
- "your client to use that proxy.
This resource is only accessible "
+ "through the proxy\n"
+ "
\nYou will need to configure "
+ "your client to use that proxy.
This server could not verify that you\n" @@ -1154,34 +1151,20 @@ "error-notes", "
\n")); case HTTP_FORBIDDEN: - s1 = apr_pstrcat(p, - "You don't have permission to access ",
- ap_escape_html(r->pool, r->uri),
- "\non this server.
\n",
- NULL);
- return(add_optional_notes(r, s1, "error-notes", "
You don't have permission to access this resource.", "error-notes", "
\n")); case HTTP_NOT_FOUND: - return(apr_pstrcat(p, - "The requested URL ", - ap_escape_html(r->pool, r->uri), - " was not found on this server.
\n", - NULL)); + return("The requested URL was not found on this server.
\n"); case HTTP_METHOD_NOT_ALLOWED: return(apr_pstrcat(p, "The requested method ", ap_escape_html(r->pool, r->method), - " is not allowed for the URL ", - ap_escape_html(r->pool, r->uri), - ".
\n", + " is not allowed for this URL.\n", NULL)); case HTTP_NOT_ACCEPTABLE: - s1 = apr_pstrcat(p, - "An appropriate representation of the " - "requested resource ", - ap_escape_html(r->pool, r->uri), - " could not be found on this server.
\n", - NULL); - return(add_optional_notes(r, s1, "variant-list", "")); + return(add_optional_notes(r, + "An appropriate representation of the requested resource " + "could not be found on this server.
\n", + "variant-list", "")); case HTTP_MULTIPLE_CHOICES: return(add_optional_notes(r, "", "variant-list", "")); case HTTP_LENGTH_REQUIRED: @@ -1192,18 +1175,13 @@ NULL); return(add_optional_notes(r, s1, "error-notes", "\n")); case HTTP_PRECONDITION_FAILED: - return(apr_pstrcat(p, - "The precondition on the request " - "for the URL ", - ap_escape_html(r->pool, r->uri), - " evaluated to false.
\n", - NULL)); + return("The precondition on the request " + "for this URL evaluated to false.
\n"); case HTTP_NOT_IMPLEMENTED: s1 = apr_pstrcat(p, "",
- ap_escape_html(r->pool, r->method), " to ",
- ap_escape_html(r->pool, r->uri),
- " not supported.
\n",
+ ap_escape_html(r->pool, r->method), " ",
+ " not supported for current URL.
\n",
NULL);
return(add_optional_notes(r, s1, "error-notes", "
A variant for the requested " - "resource\n
\n", - ap_escape_html(r->pool, r->uri), - "\n\nis itself a negotiable resource. " - "This indicates a configuration error.\n", - NULL)); + return("
A variant for the requested " + "resource\n
\n" + "\n\nis itself a negotiable resource. " + "This indicates a configuration error.\n"); case HTTP_REQUEST_TIME_OUT: return("
Server timeout waiting for the HTTP request from the client.
\n"); case HTTP_GONE: - return(apr_pstrcat(p, - "The requested resource
",
- ap_escape_html(r->pool, r->uri),
- "
\nis no longer available on this server "
- "and there is no forwarding address.\n"
- "Please remove all references to this "
- "resource.
The requested resource is no longer available on this server" + " and there is no forwarding address.\n" + "Please remove all references to this resource.
\n"); case HTTP_REQUEST_ENTITY_TOO_LARGE: return(apr_pstrcat(p, - "The requested resourceAccess to ", ap_escape_html(r->pool, r->uri),
- "\nhas been denied for legal reasons.
\n",
- NULL);
- return(add_optional_notes(r, s1, "error-notes", "
Access to this URL has been denied for legal reasons.
\n",
+ "error-notes", "
\n" + "The proxy server could not handle the request
" "Reason: ", ap_escape_html(r->pool, message), "
", NULL));