Blame SOURCES/mod_http2-1.15.19-CVE-2023-25690.patch
|
 |
012e4e |
diff --git a/mod_http2/mod_proxy_http2.c b/mod_http2/mod_proxy_http2.c
|
|
|
012e4e |
index 893aa8f..d52d5d9 100644
|
|
|
012e4e |
--- a/mod_http2/mod_proxy_http2.c
|
|
|
012e4e |
+++ b/mod_http2/mod_proxy_http2.c
|
|
|
012e4e |
@@ -154,11 +154,25 @@ static int proxy_http2_canon(request_rec *r, char *url)
|
|
|
012e4e |
if (apr_table_get(r->notes, "proxy-nocanon")) {
|
|
|
012e4e |
path = url; /* this is the raw path */
|
|
|
012e4e |
}
|
|
|
012e4e |
+ else if (apr_table_get(r->notes, "proxy-noencode")) {
|
|
|
012e4e |
+ path = url; /* this is the encoded path already */
|
|
|
012e4e |
+ search = r->args;
|
|
|
012e4e |
+ }
|
|
|
012e4e |
else {
|
|
|
012e4e |
path = ap_proxy_canonenc(r->pool, url, (int)strlen(url),
|
|
|
012e4e |
enc_path, 0, r->proxyreq);
|
|
|
012e4e |
search = r->args;
|
|
|
012e4e |
}
|
|
|
012e4e |
+ if (search && *ap_scan_vchar_obstext(search)) {
|
|
|
012e4e |
+ /*
|
|
|
012e4e |
+ * We have a raw control character or a ' ' in r->args.
|
|
|
012e4e |
+ * Correct encoding was missed.
|
|
|
012e4e |
+ */
|
|
|
012e4e |
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10412)
|
|
|
012e4e |
+ "To be forwarded query string contains control "
|
|
|
012e4e |
+ "characters or spaces");
|
|
|
012e4e |
+ return HTTP_FORBIDDEN;
|
|
|
012e4e |
+ }
|
|
|
012e4e |
break;
|
|
|
012e4e |
case PROXYREQ_PROXY:
|
|
|
012e4e |
path = url;
|