From c0ce3a729218279a6b4b03aab7a71bb8ae9d6259 Mon Sep 17 00:00:00 2001
From: Eric Covener <covener@apache.org>
Date: Fri, 2 Aug 2019 01:27:37 +0000
Subject: [PATCH] remove request details from error documents (CVE-2019-10092).

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1864191 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES                       |  2 +
 modules/http/http_protocol.c  | 86 +++++++++++------------------------
 modules/proxy/mod_proxy.c     |  7 +--
 modules/proxy/mod_proxy_ftp.c |  5 +-
 modules/proxy/proxy_util.c    |  5 +-
 5 files changed, 36 insertions(+), 69 deletions(-)

diff --git a/modules/http/http_protocol.c b/modules/http/http_protocol.c
index 8543fd1..b85e2f7 100644
--- a/modules/http/http_protocol.c
+++ b/modules/http/http_protocol.c
@@ -1133,13 +1133,10 @@ static const char *get_canned_error_string(int status,
                            "\">here</a>.</p>\n",
                            NULL));
     case HTTP_USE_PROXY:
-        return(apr_pstrcat(p,
-                           "<p>This resource is only accessible "
-                           "through the proxy\n",
-                           ap_escape_html(r->pool, location),
-                           "<br />\nYou will need to configure "
-                           "your client to use that proxy.</p>\n",
-                           NULL));
+        return("<p>This resource is only accessible "
+               "through the proxy\n"
+               "<br />\nYou will need to configure "
+               "your client to use that proxy.</p>\n");
     case HTTP_PROXY_AUTHENTICATION_REQUIRED:
     case HTTP_UNAUTHORIZED:
         return("<p>This server could not verify that you\n"
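Review bot: The HTTP_USE_PROXY text still ends with "use that proxy" and keeps the `<br />` that used to follow the escaped `location`, so the page now refers to a proxy it never names. If the proxy address is meant to reach the client only through the response headers (not visible in this hunk), the body reads better as `"<p>This resource is only accessible through a proxy.<br />\n"` followed by the unchanged second sentence. get_canned_error_string starts and ends outside the hunk.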
@@ -1155,34 +1152,20 @@ static const char *get_canned_error_string(int status,
                                   "error-notes",
                                   "</p>\n"));
     case HTTP_FORBIDDEN:
-        s1 = apr_pstrcat(p,
-                         "<p>You don't have permission to access ",
-                         ap_escape_html(r->pool, r->uri),
-                         "\non this server.<br />\n",
-                         NULL);
-        return(add_optional_notes(r, s1, "error-notes", "</p>\n"));
+        return(add_optional_notes(r, "<p>You don't have permission to access this resource.", "error-notes", "</p>\n"));
     case HTTP_NOT_FOUND:
-        return(apr_pstrcat(p,
-                           "<p>The requested URL ",
-                           ap_escape_html(r->pool, r->uri),
-                           " was not found on this server.</p>\n",
-                           NULL));
+        return("<p>The requested URL was not found on this server.</p>\n");
     case HTTP_METHOD_NOT_ALLOWED:
         return(apr_pstrcat(p,
                            "<p>The requested method ",
                            ap_escape_html(r->pool, r->method),
-                           " is not allowed for the URL ",
-                           ap_escape_html(r->pool, r->uri),
-                           ".</p>\n",
+                           " is not allowed for this URL.</p>\n",
                            NULL));
     case HTTP_NOT_ACCEPTABLE:
-        s1 = apr_pstrcat(p,
-                         "<p>An appropriate representation of the "
-                         "requested resource ",
-                         ap_escape_html(r->pool, r->uri),
-                         " could not be found on this server.</p>\n",
-                         NULL);
-        return(add_optional_notes(r, s1, "variant-list", ""));
+        return(add_optional_notes(r, 
+            "<p>An appropriate representation of the requested resource "
+            "could not be found on this server.</p>\n",
+            "variant-list", ""));
     case HTTP_MULTIPLE_CHOICES:
         return(add_optional_notes(r, "", "variant-list", ""));
     case HTTP_LENGTH_REQUIRED:
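Review bot: In the HTTP_FORBIDDEN case the new fixed prefix no longer ends with `<br />\n`, so any "error-notes" text would follow the sentence with no break. This assumes add_optional_notes() simply joins prefix, note and suffix, as its body is not shown here. The removed code ended the prefix with `"\non this server.<br />\n"`; keeping the separator gives `"<p>You don't have permission to access this resource.<br />\n"`. The new `return(add_optional_notes(r, ` lines in this hunk also carry trailing whitespace. The enclosing function begins and ends outside the hunk.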
@@ -1193,18 +1176,13 @@ static const char *get_canned_error_string(int status,
                          NULL);
         return(add_optional_notes(r, s1, "error-notes", "</p>\n"));
     case HTTP_PRECONDITION_FAILED:
-        return(apr_pstrcat(p,
-                           "<p>The precondition on the request "
-                           "for the URL ",
-                           ap_escape_html(r->pool, r->uri),
-                           " evaluated to false.</p>\n",
-                           NULL));
+        return("<p>The precondition on the request "
+               "for this URL evaluated to false.</p>\n");
     case HTTP_NOT_IMPLEMENTED:
         s1 = apr_pstrcat(p,
                          "<p>",
-                         ap_escape_html(r->pool, r->method), " to ",
-                         ap_escape_html(r->pool, r->uri),
-                         " not supported.<br />\n",
+                         ap_escape_html(r->pool, r->method), " ",
+                         " not supported for current URL.<br />\n",
                          NULL);
         return(add_optional_notes(r, s1, "error-notes", "</p>\n"));
     case HTTP_BAD_GATEWAY:
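Review bot: `r->method` is still written into the 501 body here, and likewise into the 405 body in the previous hunk and the 413 body in the next one. These pages therefore keep carrying a client-chosen string after the URI has been removed. In all three places it goes through ap_escape_html(), which is what keeps it from being read as markup. A short comment would protect that from a later edit, for example `/* r->method is client-supplied; keep it wrapped in ap_escape_html() */`. Separately, the `" ",` argument followed by `" not supported for current URL.<br />\n"` yields two consecutive spaces and can be folded into one literal.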
@@ -1212,29 +1190,19 @@ static const char *get_canned_error_string(int status,
             "response from an upstream server.<br />" CRLF;
         return(add_optional_notes(r, s1, "error-notes", "</p>\n"));
     case HTTP_VARIANT_ALSO_VARIES:
-        return(apr_pstrcat(p,
-                           "<p>A variant for the requested "
-                           "resource\n<pre>\n",
-                           ap_escape_html(r->pool, r->uri),
-                           "\n</pre>\nis itself a negotiable resource. "
-                           "This indicates a configuration error.</p>\n",
-                           NULL));
+        return("<p>A variant for the requested "
+               "resource\n<pre>\n"
+               "\n</pre>\nis itself a negotiable resource. "
+               "This indicates a configuration error.</p>\n");
     case HTTP_REQUEST_TIME_OUT:
         return("<p>Server timeout waiting for the HTTP request from the client.</p>\n");
     case HTTP_GONE:
-        return(apr_pstrcat(p,
-                           "<p>The requested resource<br />",
-                           ap_escape_html(r->pool, r->uri),
-                           "<br />\nis no longer available on this server "
-                           "and there is no forwarding address.\n"
-                           "Please remove all references to this "
-                           "resource.</p>\n",
-                           NULL));
+        return("<p>The requested resource is no longer available on this server"
+               " and there is no forwarding address.\n"
+               "Please remove all references to this resource.</p>\n");
     case HTTP_REQUEST_ENTITY_TOO_LARGE:
         return(apr_pstrcat(p,
-                           "The requested resource<br />",
-                           ap_escape_html(r->pool, r->uri), "<br />\n",
-                           "does not allow request data with ",
+                           "The requested resource does not allow request data with ",
                            ap_escape_html(r->pool, r->method),
                            " requests, or the amount of data provided in\n"
                            "the request exceeds the capacity limit.\n",
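Review bot: The HTTP_VARIANT_ALSO_VARIES text keeps the `<pre>\n` ... `\n</pre>` wrapper that used to hold the escaped URI, so the page now renders an empty preformatted block in the middle of the sentence. Dropping the wrapper gives `"<p>A variant for the requested resource is itself a negotiable resource. "` followed by the unchanged `"This indicates a configuration error.</p>\n"`. The HTTP_REQUEST_ENTITY_TOO_LARGE case runs past the end of the hunk, so its closing markup cannot be checked from here.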
@@ -1318,11 +1286,9 @@ static const char *get_canned_error_string(int status,
                "the Server Name Indication (SNI) in use for this\n"
                "connection.</p>\n");
     case HTTP_UNAVAILABLE_FOR_LEGAL_REASONS:
-        s1 = apr_pstrcat(p,
-                         "<p>Access to ", ap_escape_html(r->pool, r->uri),
-                         "\nhas been denied for legal reasons.<br />\n",
-                         NULL);
-        return(add_optional_notes(r, s1, "error-notes", "</p>\n"));
+        return(add_optional_notes(r, 
+               "<p>Access to this URL has been denied for legal reasons.<br />\n",
+               "error-notes", "</p>\n"));
     default:                    /* HTTP_INTERNAL_SERVER_ERROR */
         /*
          * This comparison to expose error-notes could be modified to
diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c
index 2336496..e6120d2 100644
--- a/modules/proxy/mod_proxy.c
+++ b/modules/proxy/mod_proxy.c
@@ -1049,9 +1049,10 @@ static int proxy_handler(request_rec *r)
         char *end;
         maxfwd = apr_strtoi64(str, &end, 10);
         if (maxfwd < 0 || maxfwd == APR_INT64_MAX || *end) {
-            return ap_proxyerror(r, HTTP_BAD_REQUEST,
-                    apr_psprintf(r->pool,
-                            "Max-Forwards value '%s' could not be parsed", str));
+            ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO() 
+                          "Max-Forwards value '%s' could not be parsed", str);
+            return ap_proxyerror(r, HTTP_BAD_REQUEST, 
+                          "Max-Forwards request header could not be parsed");
         }
         else if (maxfwd == 0) {
             switch (r->method_number) {
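Review bot: `APLOGNO()` is left empty in the new ap_log_rerror() call, and the same is true of the call added in the mod_proxy_ftp.c hunk. Both messages would ship without a log tag unless a number is assigned before release, i.e. `APLOGNO(<assigned-number>)`. Moving the raw Max-Forwards value out of the response and into the error log is the right direction. Since any client can trigger this line, it is worth confirming that APLOG_WARNING is the intended level for a busy proxy. proxy_handler starts and continues outside the hunk.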
diff --git a/modules/proxy/mod_proxy_ftp.c b/modules/proxy/mod_proxy_ftp.c
index 4a10987..8f6f853 100644
--- a/modules/proxy/mod_proxy_ftp.c
+++ b/modules/proxy/mod_proxy_ftp.c
@@ -1024,8 +1024,9 @@ static int proxy_ftp_handler(request_rec *r, proxy_worker *worker,
     /* We break the URL into host, port, path-search */
     if (r->parsed_uri.hostname == NULL) {
         if (APR_SUCCESS != apr_uri_parse(p, url, &uri)) {
-            return ap_proxyerror(r, HTTP_BAD_REQUEST,
-                apr_psprintf(p, "URI cannot be parsed: %s", url));
+            ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO() 
+                          "URI cannot be parsed: %s", url);
+            return ap_proxyerror(r, HTTP_BAD_REQUEST, "URI cannot be parsed");
         }
         connectname = uri.hostname;
         connectport = uri.port;
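Review bot: The unparsed `url` is now written verbatim to the error log. For FTP proxying that string may carry `user:password@` userinfo, though whether it does at this point is not visible in the hunk, so credentials could land in a log with a wider audience than the request. If the full value is not needed for diagnosis, log only the failure, for example `"URI cannot be parsed"` with no `%s`. Otherwise add a comment such as `/* url may contain userinfo; logged only, never echoed to the client */` so the exposure is a recorded decision. proxy_ftp_handler begins and ends outside the hunk.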
diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c
index 7b76144..4f6c458 100644
--- a/modules/proxy/proxy_util.c
+++ b/modules/proxy/proxy_util.c
@@ -364,12 +364,9 @@ PROXY_DECLARE(char *)
 
 PROXY_DECLARE(int) ap_proxyerror(request_rec *r, int statuscode, const char *message)
 {
-    const char *uri = ap_escape_html(r->pool, r->uri);
     apr_table_setn(r->notes, "error-notes",
         apr_pstrcat(r->pool,
-            "The proxy server could not handle the request <em><a href=\"",
-            uri, "\">", ap_escape_html(r->pool, r->method), "&nbsp;", uri,
-            "</a></em>.<p>\n"
+            "The proxy server could not handle the request<p>"
             "Reason: <strong>", ap_escape_html(r->pool, message),
             "</strong></p>",
             NULL));
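Review bot: ap_proxyerror() still renders `message` into the "error-notes" text, so this change only helps at call sites that pass fixed text. The two callers updated in this patch do, but any other caller that formats request data into `message` (none are visible here) would keep reflecting it in the error document. A doc comment on the function would make the contract explicit: `message` is shown to the client after ap_escape_html(), and request-specific detail belongs in ap_log_rerror(). The new literal also drops the full stop and newline before `<p>`; `"The proxy server could not handle the request.<p>\n"` keeps the earlier punctuation. The function body continues past the end of the hunk.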