rpms/httpd
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Resolves: RHEL-56068 - Apache HTTPD no longer parse PHP files with

Browse Source 
unicode characters in the name
This commit is contained in:
Luboš Uhliarik 2025-01-29 16:30:54 +01:00
parent 7c8cd94061
commit 07f1920804
2 changed files with 73 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
httpd-2.4.37-r1922080.patch Normal file
View File

@ -0,0 +1,64 @@
diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c
index 94ec87e..16ebd98 100644
--- a/modules/proxy/mod_proxy.c
+++ b/modules/proxy/mod_proxy.c
@@ -1043,6 +1043,7 @@ static int proxy_handler(request_rec *r)
r->proxyreq = PROXYREQ_REVERSE;
r->filename = apr_pstrcat(r->pool, r->handler, r->filename, NULL);
+ apr_table_setn(r->notes, "proxy-sethandler", "1");
/* Still need to fixup/canonicalize r->filename */
rc = ap_proxy_fixup_uds_filename(r);
@@ -1055,6 +1056,7 @@ static int proxy_handler(request_rec *r)
}
}
else if (r->proxyreq && strncmp(r->filename, "proxy:", 6) == 0) {
+ apr_table_unset(r->notes, "proxy-sethandler");
rc = OK;
}
if (rc != OK) {
diff --git a/modules/proxy/mod_proxy_fcgi.c b/modules/proxy/mod_proxy_fcgi.c
index f9cf716..fa0b810 100644
--- a/modules/proxy/mod_proxy_fcgi.c
+++ b/modules/proxy/mod_proxy_fcgi.c
@@ -63,6 +63,8 @@ static int proxy_fcgi_canon(request_rec *r, char *url)
apr_port_t port, def_port;
fcgi_req_config_t *rconf = NULL;
const char *pathinfo_type = NULL;
+ fcgi_dirconf_t *dconf = ap_get_module_config(r->per_dir_config,
+ &proxy_fcgi_module);
if (ap_cstr_casecmpn(url, "fcgi:", 5) == 0) {
url += 5;
@@ -92,7 +94,29 @@ static int proxy_fcgi_canon(request_rec *r, char *url)
host = apr_pstrcat(r->pool, "[", host, "]", NULL);
}
- if (apr_table_get(r->notes, "proxy-nocanon")) {
+ if (apr_table_get(r->notes, "proxy-sethandler")
+ || apr_table_get(r->notes, "proxy-nocanon")){
+
+ char *c = url;
+
+ /* We do not call ap_proxy_canonenc_ex() on the path here, don't
+ * let control characters pass still, and for php-fpm no '?' either.
+ */
+ if (FCGI_MAY_BE_FPM(dconf)) {
+ while (!apr_iscntrl(*c) && *c != '?')
+ c++;
+ }
+ else {
+ while (!apr_iscntrl(*c))
+ c++;
+ }
+ if (*c) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10414)
+ "To be forwarded path contains control characters%s (%s)",
+ FCGI_MAY_BE_FPM(dconf) ? " or '?'" : "", url);
+ return HTTP_FORBIDDEN;
+ }
+
path = url; /* this is the raw path */
}
else {

10
httpd.spec
View File

@ -13,7 +13,7 @@
Summary: Apache HTTP Server
Name: httpd
Version: 2.4.37
Release: 65%{?dist}.2
Release: 65%{?dist}.3
URL: https://httpd.apache.org/
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
Source2: httpd.logrotate
@ -173,6 +173,8 @@ Patch93: httpd-2.4.37-r1885607.patch
Patch94: httpd-2.4.57-r1884505+.patch
# https://bz.apache.org/bugzilla/show_bug.cgi?id=69197
Patch95: httpd-2.4.37-r1919325.patch
# https://issues.redhat.com/browse/RHEL-56068
Patch96: httpd-2.4.37-r1922080.patch
# Security fixes
Patch200: httpd-2.4.37-r1851471.patch
@ -514,6 +516,8 @@ interface for storing and accessing per-user session data.
%patch246 -p1 -b .CVE-2024-38476
%patch247 -p1 -b .CVE-2024-39884+
%patch96 -p1 -b .r1922080
# Patch in the vendor string
sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
sed -i 's/@RELEASE@/%{release}/' server/core.c
@ -1018,6 +1022,10 @@ rm -rf $RPM_BUILD_ROOT
%{_rpmconfigdir}/macros.d/macros.httpd
%changelog
* Wed Jan 29 2025 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-65.3
- Resolves: RHEL-56068 - Apache HTTPD no longer parse PHP files with
unicode characters in the name
* Tue Aug 06 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-65.2
- Resolves: RHEL-46040 - httpd:2.4/httpd: Security issues via backend
applications whose response headers are malicious or exploitable (CVE-2024-38476)