From c0ce3a729218279a6b4b03aab7a71bb8ae9d6259 Mon Sep 17 00:00:00 2001
From: Eric Covener
Date: Fri, 2 Aug 2019 01:27:37 +0000
Subject: [PATCH] remove request details from error documents (CVE-2019-10092).

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1864191 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES | 2 +
 modules/http/http_protocol.c | 86 +++++++++++------------------------
 modules/proxy/mod_proxy.c | 7 +--
 modules/proxy/mod_proxy_ftp.c | 5 +-
 modules/proxy/proxy_util.c | 5 +-
 5 files changed, 36 insertions(+), 69 deletions(-)
diff --git a/modules/http/http_protocol.c b/modules/http/http_protocol.c
index 8543fd1..b85e2f7 100644
--- a/modules/http/http_protocol.c
+++ b/modules/http/http_protocol.c
@@ -1133,13 +1133,10 @@ static const char *get_canned_error_string(int status,
 "\">here.

\n", NULL)); case HTTP_USE_PROXY: - return(apr_pstrcat(p, - "

This resource is only accessible " - "through the proxy\n", - ap_escape_html(r->pool, location), - "
\nYou will need to configure " - "your client to use that proxy.

\n", - NULL)); + return("

This resource is only accessible " + "through the proxy\n" + "
\nYou will need to configure " + "your client to use that proxy.

\n"); case HTTP_PROXY_AUTHENTICATION_REQUIRED: case HTTP_UNAUTHORIZED: return("

This server could not verify that you\n" @@ -1155,34 +1152,20 @@ static const char *get_canned_error_string(int status, "error-notes", "

\n")); case HTTP_FORBIDDEN: - s1 = apr_pstrcat(p, - "

You don't have permission to access ", - ap_escape_html(r->pool, r->uri), - "\non this server.
\n", - NULL); - return(add_optional_notes(r, s1, "error-notes", "

\n")); + return(add_optional_notes(r, "

You don't have permission to access this resource.", "error-notes", "

\n")); case HTTP_NOT_FOUND: - return(apr_pstrcat(p, - "

The requested URL ", - ap_escape_html(r->pool, r->uri), - " was not found on this server.

\n", - NULL)); + return("

The requested URL was not found on this server.

\n"); case HTTP_METHOD_NOT_ALLOWED: return(apr_pstrcat(p, "

The requested method ", ap_escape_html(r->pool, r->method), - " is not allowed for the URL ", - ap_escape_html(r->pool, r->uri), - ".

\n", + " is not allowed for this URL.

\n", NULL)); case HTTP_NOT_ACCEPTABLE: - s1 = apr_pstrcat(p, - "

An appropriate representation of the " - "requested resource ", - ap_escape_html(r->pool, r->uri), - " could not be found on this server.

\n", - NULL); - return(add_optional_notes(r, s1, "variant-list", "")); + return(add_optional_notes(r, + "

An appropriate representation of the requested resource " + "could not be found on this server.

\n", + "variant-list", "")); case HTTP_MULTIPLE_CHOICES: return(add_optional_notes(r, "", "variant-list", "")); case HTTP_LENGTH_REQUIRED: @@ -1193,18 +1176,13 @@ static const char *get_canned_error_string(int status, NULL); return(add_optional_notes(r, s1, "error-notes", "
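Review bot: In the HTTP_FORBIDDEN case the new first literal ends directly after `access this resource.`, whereas the removed text ended with `\n` before the optional notes were appended. That string is handed to add_optional_notes() together with the "error-notes" key, so a configured note appears to be glued straight onto the sentence with no separator. Ending the literal the way the HTTP_UNAVAILABLE_FOR_LEGAL_REASONS case later in this patch does (trailing break and `\n`) would keep the two apart; the markup is stripped on this page, so confirm against the file. HTTP_METHOD_NOT_ALLOWED in the same hunk still echoes `r->method`, which remains wrapped in `ap_escape_html`.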

\n")); case HTTP_PRECONDITION_FAILED: - return(apr_pstrcat(p, - "

The precondition on the request " - "for the URL ", - ap_escape_html(r->pool, r->uri), - " evaluated to false.

\n", - NULL)); + return("

The precondition on the request " + "for this URL evaluated to false.

\n"); case HTTP_NOT_IMPLEMENTED: s1 = apr_pstrcat(p, "

", - ap_escape_html(r->pool, r->method), " to ", - ap_escape_html(r->pool, r->uri), - " not supported.
\n", + ap_escape_html(r->pool, r->method), " ", + " not supported for current URL.
\n", NULL); return(add_optional_notes(r, s1, "error-notes", "

\n")); case HTTP_BAD_GATEWAY: @@ -1212,29 +1190,19 @@ static const char *get_canned_error_string(int status, "response from an upstream server.
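Review bot: In HTTP_NOT_IMPLEMENTED the apr_pstrcat() argument list now passes `" ",` immediately followed by a literal that itself begins with a space, so the string carries a doubled space and one needless argument left over from the removed `" to "`. Dropping the separate `" ",` argument and keeping the single literal that starts with ` not supported for current URL.` gives the same page with less to read. `r->method` is still escaped with `ap_escape_html` here, so this is a style point only.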
" CRLF; return(add_optional_notes(r, s1, "error-notes", "

\n")); case HTTP_VARIANT_ALSO_VARIES: - return(apr_pstrcat(p, - "

A variant for the requested " - "resource\n

\n",
-                           ap_escape_html(r->pool, r->uri),
-                           "\n
\nis itself a negotiable resource. " - "This indicates a configuration error.

\n", - NULL)); + return("

A variant for the requested " + "resource\n

\n"
+               "\n
\nis itself a negotiable resource. " + "This indicates a configuration error.

\n"); case HTTP_REQUEST_TIME_OUT: return("

Server timeout waiting for the HTTP request from the client.

\n"); case HTTP_GONE: - return(apr_pstrcat(p, - "

The requested resource
", - ap_escape_html(r->pool, r->uri), - "
\nis no longer available on this server " - "and there is no forwarding address.\n" - "Please remove all references to this " - "resource.

\n", - NULL)); + return("

The requested resource is no longer available on this server" + " and there is no forwarding address.\n" + "Please remove all references to this resource.

\n"); case HTTP_REQUEST_ENTITY_TOO_LARGE: return(apr_pstrcat(p, - "The requested resource
", - ap_escape_html(r->pool, r->uri), "
\n", - "does not allow request data with ", + "The requested resource does not allow request data with ", ap_escape_html(r->pool, r->method), " requests, or the amount of data provided in\n" "the request exceeds the capacity limit.\n", @@ -1318,11 +1286,9 @@ static const char *get_canned_error_string(int status, "the Server Name Indication (SNI) in use for this\n" "connection.
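Review bot: HTTP_VARIANT_ALSO_VARIES keeps the `resource\n` and `\n` literals that used to frame the escaped URL, so with the URL gone the sentence now wraps around an empty block. The tags are stripped on this page, so this is inferred from the surviving `\n` sequences and should be checked against the file. If the wrapper element is still there, fold the text into one sentence, e.g. `"A variant for the requested resource is itself a negotiable resource. "`, the way HTTP_GONE is flattened in this same hunk.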

\n"); case HTTP_UNAVAILABLE_FOR_LEGAL_REASONS: - s1 = apr_pstrcat(p, - "

Access to ", ap_escape_html(r->pool, r->uri), - "\nhas been denied for legal reasons.
\n", - NULL); - return(add_optional_notes(r, s1, "error-notes", "

\n")); + return(add_optional_notes(r, + "

Access to this URL has been denied for legal reasons.
\n", + "error-notes", "

\n"));
 default: /* HTTP_INTERNAL_SERVER_ERROR */
 /*
 * This comparison to expose error-notes could be modified to
diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c
index 2336496..e6120d2 100644
--- a/modules/proxy/mod_proxy.c
+++ b/modules/proxy/mod_proxy.c
@@ -1049,9 +1049,10 @@ static int proxy_handler(request_rec *r)
 char *end;
 maxfwd = apr_strtoi64(str, &end, 10);
 if (maxfwd < 0 || maxfwd == APR_INT64_MAX || *end) {
- return ap_proxyerror(r, HTTP_BAD_REQUEST,
- apr_psprintf(r->pool,
- "Max-Forwards value '%s' could not be parsed", str));
+ ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO()
+ "Max-Forwards value '%s' could not be parsed", str);
+ return ap_proxyerror(r, HTTP_BAD_REQUEST,
+ "Max-Forwards request header could not be parsed");
 }
 else if (maxfwd == 0) {
 switch (r->method_number) {
diff --git a/modules/proxy/mod_proxy_ftp.c b/modules/proxy/mod_proxy_ftp.c
index 4a10987..8f6f853 100644
--- a/modules/proxy/mod_proxy_ftp.c
+++ b/modules/proxy/mod_proxy_ftp.c
@@ -1024,8 +1024,9 @@ static int proxy_ftp_handler(request_rec *r, proxy_worker *worker,
 /* We break the URL into host, port, path-search */
 if (r->parsed_uri.hostname == NULL) {
 if (APR_SUCCESS != apr_uri_parse(p, url, &uri)) {
- return ap_proxyerror(r, HTTP_BAD_REQUEST,
- apr_psprintf(p, "URI cannot be parsed: %s", url));
+ ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO()
+ "URI cannot be parsed: %s", url);
+ return ap_proxyerror(r, HTTP_BAD_REQUEST, "URI cannot be parsed");
 }
 connectname = uri.hostname;
 connectport = uri.port;
diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c
index 7b76144..4f6c458 100644
--- a/modules/proxy/proxy_util.c
+++ b/modules/proxy/proxy_util.c
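Review bot: The new `ap_log_rerror` call in proxy_handler (modules/proxy/mod_proxy.c) uses an empty `APLOGNO()`, as does the one added to proxy_ftp_handler in modules/proxy/mod_proxy_ftp.c, so both messages go out without a unique tag until numbers are assigned. Both calls also write a client-supplied value (`str`, `url`) to the error log at APLOG_WARNING. The log is the right place for that detail now that it is kept out of the response, but nothing in the code says why the two strings differ. A short comment above each call, such as `/* request detail goes to the log only, never into the error document */`, would stop a later edit from merging them again. Both function bodies start and end outside their hunks.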
@@ -364,12 +364,9 @@ PROXY_DECLARE(char *) PROXY_DECLARE(int) ap_proxyerror(request_rec *r, int statuscode, const char *message) { - const char *uri = ap_escape_html(r->pool, r->uri); apr_table_setn(r->notes, "error-notes", apr_pstrcat(r->pool, - "The proxy server could not handle the request ", ap_escape_html(r->pool, r->method), " ", uri, - ".

\n" + "The proxy server could not handle the request

" "Reason: ", ap_escape_html(r->pool, message), "

", NULL));
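Review bot: ap_proxyerror() still renders its `message` argument in the "Reason:" part of error-notes, so whether request data reaches the error document now depends on every caller passing a fixed string. The value goes through `ap_escape_html`, which covers markup injection but not the echoing of request details that this patch removes. Only the two callers in mod_proxy.c and mod_proxy_ftp.c are converted here, and any others are not visible in this patch. A doc comment on the function would make the contract explicit, e.g. `/* message must be a fixed string; log request-derived details with ap_log_rerror instead */`. The function body continues past the end of the hunk.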