mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2026-02-16 05:11:59 +01:00
37 lines
1.4 KiB
Diff
37 lines
1.4 KiB
Diff
Index: modules/proxy/mod_proxy.c
|
|
===================================================================
|
|
--- httpd-2.2.21/modules/proxy/mod_proxy.c (revision 1179633)
|
|
+++ httpd-2.2.21/modules/proxy/mod_proxy.c (working copy)
|
|
@@ -566,6 +566,13 @@
|
|
return OK;
|
|
}
|
|
|
|
+ /* Check that the URI is valid. */
|
|
+ if (!r->uri || r->uri[0] != '/') {
|
|
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
|
|
+ "Invalid URI in request %s", r->the_request);
|
|
+ return HTTP_BAD_REQUEST;
|
|
+ }
|
|
+
|
|
/* XXX: since r->uri has been manipulated already we're not really
|
|
* compliant with RFC1945 at this point. But this probably isn't
|
|
* an issue because this is a hybrid proxy/origin server.
|
|
Index: modules/mappers/mod_rewrite.c
|
|
===================================================================
|
|
--- httpd-2.2.21/modules/mappers/mod_rewrite.c (revision 1179633)
|
|
+++ httpd-2.2.21/modules/mappers/mod_rewrite.c (working copy)
|
|
@@ -4266,6 +4266,13 @@
|
|
return DECLINED;
|
|
}
|
|
|
|
+ /* Check that the URI is valid. */
|
|
+ if (!r->uri || r->uri[0] != '/') {
|
|
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
|
|
+ "Invalid URI in request %s", r->the_request);
|
|
+ return HTTP_BAD_REQUEST;
|
|
+ }
|
|
+
|
|
/*
|
|
* add the SCRIPT_URL variable to the env. this is a bit complicated
|
|
* due to the fact that apache uses subrequests and internal redirects
|