51b23565c0
in mod_rewrite (CVE-2024-38474) Resolves: RHEL-45785 - httpd:2.4/httpd: Encoding problem in mod_proxy (CVE-2024-38473) Resolves: RHEL-45777 - httpd:2.4/httpd: Improper escaping of output in mod_rewrite (CVE-2024-38475) Resolves: RHEL-45758 - httpd:2.4/httpd: null pointer dereference in mod_proxy (CVE-2024-38477) Resolves: RHEL-45743 - httpd:2.4/httpd: Potential SSRF in mod_rewrite (CVE-2024-39573)
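diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c
index 797f093..114b126 100644
--- a/modules/mappers/mod_rewrite.c
+++ b/modules/mappers/mod_rewrite.c
@@ -4311,6 +4311,32 @@ static rule_return_type apply_rewrite_rule(rewriterule_entry *p,
 return RULE_RC_NOSUB;
 }
 
+ /* Add the previously stripped per-directory location prefix, unless
+ * (1) it's an absolute URL path and
+ * (2) it's a full qualified URL
+ */
+ if (!is_proxyreq && *newuri != '/' && !is_absolute_uri(newuri, NULL)) {
+ if (ctx->perdir) {
+ rewritelog((r, 3, ctx->perdir, "add per-dir prefix: %s -> %s%s",
+ newuri, ctx->perdir, newuri));
+
+ newuri = apr_pstrcat(r->pool, ctx->perdir, newuri, NULL);
+ }
+ else if (!(p->flags & (RULEFLAG_PROXY | RULEFLAG_FORCEREDIRECT))) {
+ /* Not an absolute URI-path and the scheme (if any) is unknown,
+ * and it won't be passed to fully_qualify_uri() below either,
+ * so add an implicit '/' prefix. This avoids potentially a common
+ * rule like "RewriteRule ^/some/path(.*) $1" that is given a path
+ * like "/some/pathscheme:..." to produce the fully qualified URL
+ * "scheme:..." which could be misinterpreted later.
+ */
+ rewritelog((r, 3, ctx->perdir, "add root prefix: %s -> /%s",
+ newuri, newuri));
+
+ newuri = apr_pstrcat(r->pool, "/", newuri, NULL);
+ }
+ }
+
 /* Now adjust API's knowledge about r->filename and r->args */
 r->filename = newuri;
 
@@ -4320,18 +4346,6 @@ static rule_return_type apply_rewrite_rule(rewriterule_entry *p,
 
 splitout_queryargs(r, p->flags);
 
- /* Add the previously stripped per-directory location prefix, unless
- * (1) it's an absolute URL path and
- * (2) it's a full qualified URL
- */
- if ( ctx->perdir && !is_proxyreq && *r->filename != '/'
- && !is_absolute_uri(r->filename, NULL)) {
- rewritelog((r, 3, ctx->perdir, "add per-dir prefix: %s -> %s%s",
- r->filename, ctx->perdir, r->filename));
-
- r->filename = apr_pstrcat(r->pool, ctx->perdir, r->filename, NULL);
- }
-
 /* If this rule is forced for proxy throughput
 * (`RewriteRule ... ... [P]') then emulate mod_proxy's
 * URL-to-filename handler to be sure mod_proxy is triggered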
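Review bot: The block comment that opens the added lines in the first hunk was carried over unchanged and no longer describes the condition beneath it. It says the prefix is skipped when the target is an absolute URL path "and" a fully qualified URL, whereas the `if` skips it when either holds or when `is_proxyreq` is set, and the block now also adds a bare `/` when `ctx->perdir` is not set. I would reword it to `/* Prefix the result with the stripped per-directory location, or with "/" when there is no per-directory context, unless this is a proxy request, the result is already an absolute URL path, or it is a fully qualified URL. */`. As a smaller style point, `ctx->perdir` is known to be NULL inside the `else if` branch, so passing `NULL` as the third argument of the "add root prefix" `rewritelog` call would state that directly. apply_rewrite_rule starts and ends outside both hunks, so this is based only on the lines shown.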