mod_http2/mod_http2-1.15.7-CVE-2023-25690.patch

22 lines
957 B
Diff
Raw Normal View History

diff --git a/mod_http2/mod_proxy_http2.c b/mod_http2/mod_proxy_http2.c
index 2208707..844653e 100644
--- a/mod_http2/mod_proxy_http2.c
+++ b/mod_http2/mod_proxy_http2.c
@@ -159,6 +159,16 @@ static int proxy_http2_canon(request_rec *r, char *url)
path = ap_proxy_canonenc(r->pool, url, (int)strlen(url),
enc_path, 0, r->proxyreq);
search = r->args;
+ if (search && *(ap_scan_vchar_obstext(search))) {
+ /*
+ * We have a raw control character or a ' ' in r->args.
+ * Correct encoding was missed.
+ */
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10412)
+ "To be forwarded query string contains control "
+ "characters or spaces");
+ return HTTP_FORBIDDEN;
+ }
}
break;
case PROXYREQ_PROXY: