httpd/SOURCES/httpd-2.4.37-CVE-2021-40438.patch

diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c
index f383996..6a9ef55 100644
--- a/modules/proxy/mod_proxy.c
+++ b/modules/proxy/mod_proxy.c
@@ -1717,7 +1717,8 @@ PROXY_DECLARE(const char *) ap_proxy_de_socketfy(apr_pool_t *p, const char *url)
      * the UDS path... ignore it
      */
     if (!strncasecmp(url, "unix:", 5) &&
-        ((ptr = ap_strchr_c(url, '|')) != NULL)) {
+        ((ptr = ap_strchr_c(url + 5, '|')) != NULL)) {
+
         /* move past the 'unix:...|' UDS path info */
         const char *ret, *c;
 
diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c
index 7714b6c..421f910 100644
--- a/modules/proxy/proxy_util.c
+++ b/modules/proxy/proxy_util.c
@@ -2090,8 +2090,8 @@ static void fix_uds_filename(request_rec *r, char **url)
     if (!r || !r->filename) return;
 
     if (!strncmp(r->filename, "proxy:", 6) &&
-            (ptr2 = ap_strcasestr(r->filename, "unix:")) &&
-            (ptr = ap_strchr(ptr2, '|'))) {
+            !ap_cstr_casecmpn(r->filename + 6, "unix:", 5) &&
+            (ptr2 = r->filename + 6 + 5, ptr = ap_strchr(ptr2, '|'))) {
         apr_uri_t urisock;
         apr_status_t rv;
         *ptr = '\0';