From 07f1920804f272f30400f77925535c174583992d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Wed, 29 Jan 2025 16:30:54 +0100 Subject: [PATCH] Resolves: RHEL-56068 - Apache HTTPD no longer parse PHP files with unicode characters in the name --- httpd-2.4.37-r1922080.patch | 64 +++++++++++++++++++++++++++++++++++++ httpd.spec | 10 +++++- 2 files changed, 73 insertions(+), 1 deletion(-) create mode 100644 httpd-2.4.37-r1922080.patch diff --git a/httpd-2.4.37-r1922080.patch b/httpd-2.4.37-r1922080.patch new file mode 100644 index 0000000..6a81fab --- /dev/null +++ b/httpd-2.4.37-r1922080.patch 
@@ -0,0 +1,64 @@
+diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c
+index 94ec87e..16ebd98 100644
+--- a/modules/proxy/mod_proxy.c
++++ b/modules/proxy/mod_proxy.c
+@@ -1043,6 +1043,7 @@ static int proxy_handler(request_rec *r)
+
+ r->proxyreq = PROXYREQ_REVERSE;
+ r->filename = apr_pstrcat(r->pool, r->handler, r->filename, NULL);
++ apr_table_setn(r->notes, "proxy-sethandler", "1");
+
+ /* Still need to fixup/canonicalize r->filename */
+ rc = ap_proxy_fixup_uds_filename(r);
+@@ -1055,6 +1056,7 @@ static int proxy_handler(request_rec *r)
+ }
+ }
+ else if (r->proxyreq && strncmp(r->filename, "proxy:", 6) == 0) {
++ apr_table_unset(r->notes, "proxy-sethandler");
+ rc = OK;
+ }
+ if (rc != OK) {
+diff --git a/modules/proxy/mod_proxy_fcgi.c b/modules/proxy/mod_proxy_fcgi.c
+index f9cf716..fa0b810 100644
+--- a/modules/proxy/mod_proxy_fcgi.c
++++ b/modules/proxy/mod_proxy_fcgi.c
+@@ -63,6 +63,8 @@ static int proxy_fcgi_canon(request_rec *r, char *url)
+ apr_port_t port, def_port;
+ fcgi_req_config_t *rconf = NULL;
+ const char *pathinfo_type = NULL;
++ fcgi_dirconf_t *dconf = ap_get_module_config(r->per_dir_config,
++ &proxy_fcgi_module);
+
+ if (ap_cstr_casecmpn(url, "fcgi:", 5) == 0) {
+ url += 5;
+@@ -92,7 +94,29 @@ static int proxy_fcgi_canon(request_rec *r, char *url)
+ host = apr_pstrcat(r->pool, "[", host, "]", NULL);
+ }
+
+- if (apr_table_get(r->notes, "proxy-nocanon")) {
++ if (apr_table_get(r->notes, "proxy-sethandler")
++ || apr_table_get(r->notes, "proxy-nocanon")){
++
++ char *c = url;
++
++ /* We do not call ap_proxy_canonenc_ex() on the path here, don't
++ * let control characters pass still, and for php-fpm no '?' either.
++ */
++ if (FCGI_MAY_BE_FPM(dconf)) {
++ while (!apr_iscntrl(*c) && *c != '?')
++ c++;
++ }
++ else {
++ while (!apr_iscntrl(*c))
++ c++;
++ }
++ if (*c) {
++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10414)
++ "To be forwarded path contains control characters%s (%s)",
++ FCGI_MAY_BE_FPM(dconf) ? " or '?'" : "", url);
++ return HTTP_FORBIDDEN;
++ }
++
+ path = url; /* this is the raw path */
+ }
+ else {
diff --git a/httpd.spec b/httpd.spec
index e241bd8..96816e1 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -13,7 +13,7 @@ Summary: Apache HTTP Server Name: httpd Version: 2.4.37 -Release: 65%{?dist}.2 +Release: 65%{?dist}.3 URL: https://httpd.apache.org/ Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source2: httpd.logrotate
@@ -173,6 +173,8 @@ Patch93: httpd-2.4.37-r1885607.patch Patch94: httpd-2.4.57-r1884505+.patch # https://bz.apache.org/bugzilla/show_bug.cgi?id=69197 Patch95: httpd-2.4.37-r1919325.patch +# https://issues.redhat.com/browse/RHEL-56068 +Patch96: httpd-2.4.37-r1922080.patch # Security fixes Patch200: httpd-2.4.37-r1851471.patch
@@ -514,6 +516,8 @@ interface for storing and accessing per-user session data. %patch246 -p1 -b .CVE-2024-38476 %patch247 -p1 -b .CVE-2024-39884+ +%patch96 -p1 -b .r1922080 + # Patch in the vendor string sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h sed -i 's/@RELEASE@/%{release}/' server/core.c
@@ -1018,6 +1022,10 @@ rm -rf $RPM_BUILD_ROOT %{_rpmconfigdir}/macros.d/macros.httpd %changelog +* Wed Jan 29 2025 Luboš Uhliarik - 2.4.37-65.3 +- Resolves: RHEL-56068 - Apache HTTPD no longer parse PHP files with unicode characters in the name + * Tue Aug 06 2024 Luboš Uhliarik - 2.4.37-65.2 - Resolves: RHEL-46040 - httpd:2.4/httpd: Security issues via backend applications whose response headers are malicious or exploitable (CVE-2024-38476)
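Review bot: In the proxy_fcgi_canon hunk of mod_proxy_fcgi.c, both scan loops (`while (!apr_iscntrl(*c) && *c != '?')` and `while (!apr_iscntrl(*c))`) have no explicit end-of-string test and stop at the terminator only because NUL itself counts as a control character, with `if (*c)` afterwards telling the terminator from a rejected byte. That invariant deserves a comment such as `/* NUL is a control character, so the scan stops at the terminator; *c != 0 means a rejected byte */`, or an explicit `*c &&` in each loop condition so the bound does not depend on the classifier. Per the hunk's own comment this scan is the only filtering left on the branch, since the raw path is forwarded without ap_proxy_canonenc_ex(), so a regression test pinning that a UTF-8 file name passes while a control byte (and '?' for FPM) is answered with HTTP_FORBIDDEN would guard it. `dconf` is handed to FCGI_MAY_BE_FPM() without a visible NULL check; the macro is defined outside this patch, so confirm it tolerates NULL. proxy_fcgi_canon starts and ends outside the hunk.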