httpd/httpd-2.4.37-r1922080.patch

diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c
index 94ec87e..16ebd98 100644
--- a/modules/proxy/mod_proxy.c
+++ b/modules/proxy/mod_proxy.c
@@ -1043,6 +1043,7 @@ static int proxy_handler(request_rec *r)
 
         r->proxyreq = PROXYREQ_REVERSE;
         r->filename = apr_pstrcat(r->pool, r->handler, r->filename, NULL);
+        apr_table_setn(r->notes, "proxy-sethandler", "1");
 
         /* Still need to fixup/canonicalize r->filename */
         rc = ap_proxy_fixup_uds_filename(r);
@@ -1055,6 +1056,7 @@ static int proxy_handler(request_rec *r)
         }
     }
     else if (r->proxyreq && strncmp(r->filename, "proxy:", 6) == 0) {
+        apr_table_unset(r->notes, "proxy-sethandler");
         rc = OK;
     }
     if (rc != OK) {
diff --git a/modules/proxy/mod_proxy_fcgi.c b/modules/proxy/mod_proxy_fcgi.c
index f9cf716..fa0b810 100644
--- a/modules/proxy/mod_proxy_fcgi.c
+++ b/modules/proxy/mod_proxy_fcgi.c
@@ -63,6 +63,8 @@ static int proxy_fcgi_canon(request_rec *r, char *url)
     apr_port_t port, def_port;
     fcgi_req_config_t *rconf = NULL;
     const char *pathinfo_type = NULL;
+    fcgi_dirconf_t *dconf = ap_get_module_config(r->per_dir_config,
+                                                 &proxy_fcgi_module);
 
     if (ap_cstr_casecmpn(url, "fcgi:", 5) == 0) {
         url += 5;
@@ -92,7 +94,29 @@ static int proxy_fcgi_canon(request_rec *r, char *url)
         host = apr_pstrcat(r->pool, "[", host, "]", NULL);
     }
 
-    if (apr_table_get(r->notes, "proxy-nocanon")) {
+    if (apr_table_get(r->notes, "proxy-sethandler")
+        || apr_table_get(r->notes, "proxy-nocanon")){
+
+        char *c = url;
+
+        /* We do not call ap_proxy_canonenc_ex() on the path here, don't
+         * let control characters pass still, and for php-fpm no '?' either.
+         */
+        if (FCGI_MAY_BE_FPM(dconf)) {
+            while (!apr_iscntrl(*c) && *c != '?')
+                c++;
+        }
+        else {
+            while (!apr_iscntrl(*c))
+                c++;
+        }
+        if (*c) {
+            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10414)
+                          "To be forwarded path contains control characters%s (%s)",
+                          FCGI_MAY_BE_FPM(dconf) ? " or '?'" : "", url);
+            return HTTP_FORBIDDEN;
+        }
+
         path = url;   /* this is the raw path */
     }
     else {
Resolves: RHEL-56068 - Apache HTTPD no longer parse PHP files with unicode characters in the name 2025-01-29 15:30:54 +00:00			`diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c`
			`index 94ec87e..16ebd98 100644`
			`--- a/modules/proxy/mod_proxy.c`
			`+++ b/modules/proxy/mod_proxy.c`
			`@@ -1043,6 +1043,7 @@ static int proxy_handler(request_rec *r)`

			`r->proxyreq = PROXYREQ_REVERSE;`
			`r->filename = apr_pstrcat(r->pool, r->handler, r->filename, NULL);`
			`+ apr_table_setn(r->notes, "proxy-sethandler", "1");`

			`/* Still need to fixup/canonicalize r->filename */`
			`rc = ap_proxy_fixup_uds_filename(r);`
			`@@ -1055,6 +1056,7 @@ static int proxy_handler(request_rec *r)`
			`}`
			`}`
			`else if (r->proxyreq && strncmp(r->filename, "proxy:", 6) == 0) {`
			`+ apr_table_unset(r->notes, "proxy-sethandler");`
			`rc = OK;`
			`}`
			`if (rc != OK) {`
			`diff --git a/modules/proxy/mod_proxy_fcgi.c b/modules/proxy/mod_proxy_fcgi.c`
			`index f9cf716..fa0b810 100644`
			`--- a/modules/proxy/mod_proxy_fcgi.c`
			`+++ b/modules/proxy/mod_proxy_fcgi.c`
			`@@ -63,6 +63,8 @@ static int proxy_fcgi_canon(request_rec r, char url)`
			`apr_port_t port, def_port;`
			`fcgi_req_config_t *rconf = NULL;`
			`const char *pathinfo_type = NULL;`
			`+ fcgi_dirconf_t *dconf = ap_get_module_config(r->per_dir_config,`
			`+ &proxy_fcgi_module);`

			`if (ap_cstr_casecmpn(url, "fcgi:", 5) == 0) {`
			`url += 5;`
			`@@ -92,7 +94,29 @@ static int proxy_fcgi_canon(request_rec r, char url)`
			`host = apr_pstrcat(r->pool, "[", host, "]", NULL);`
			`}`

			`- if (apr_table_get(r->notes, "proxy-nocanon")) {`
			`+ if (apr_table_get(r->notes, "proxy-sethandler")`
			`+ \|\| apr_table_get(r->notes, "proxy-nocanon")){`
			`+`
			`+ char *c = url;`
			`+`
			`+ /* We do not call ap_proxy_canonenc_ex() on the path here, don't`
			`+ * let control characters pass still, and for php-fpm no '?' either.`
			`+ */`
			`+ if (FCGI_MAY_BE_FPM(dconf)) {`
			`+ while (!apr_iscntrl(c) && c != '?')`
			`+ c++;`
			`+ }`
			`+ else {`
			`+ while (!apr_iscntrl(*c))`
			`+ c++;`
			`+ }`
			`+ if (*c) {`
			`+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10414)`
			`+ "To be forwarded path contains control characters%s (%s)",`
			`+ FCGI_MAY_BE_FPM(dconf) ? " or '?'" : "", url);`
			`+ return HTTP_FORBIDDEN;`
			`+ }`
			`+`
			`path = url; /* this is the raw path */`
			`}`
			`else {`