Red Hat Bugzilla – Attachment 587335 Details for
Bug 824797
No longer supports rewriting HTTP CONNECT
[patch]
Patch v2 for CVE-2011-4317 affecting only rewriterule proxy
httpd-2.2.22-httpconnect2.patch (text/plain), 2.67 KB, created by
Gordon Russell
on 2012-05-29 08:02:24 UTC
>--- httpd-2.2.22.orig/modules/mappers/mod_rewrite.c 2012-01-24 19:39:31.000000000 +0000 >+++ httpd-2.2.22/modules/mappers/mod_rewrite.c 2012-05-28 16:52:38.790119737 +0100 >@@ -155,6 +155,7 @@ > #define ACTION_NORMAL 1<<0 > #define ACTION_NOESCAPE 1<<1 > #define ACTION_STATUS 1<<2 >+#define ACTION_FORBIDDEN 1<<3 > > > #define MAPTYPE_TXT 1<<0 >@@ -4079,6 +4080,22 @@ static int apply_rewrite_list(request_re > * last-rule and new-round flags. > */ > if (p->flags & (RULEFLAG_PROXY | RULEFLAG_LASTRULE)) { >+ /* If the rewrite involved PROXY, and the URI seems to risk >+ * causing an issue mentioned in CVE-2011-4317, then >+ * FORBID the request. Just disabling the related [P] >+ * rewriterule could cause a later rule to run with unexpected >+ * results. >+ * Only do the blocking if the executed last rule was PROXY >+ */ >+ if (p->flags & RULEFLAG_PROXY && >+ r->uri[0] != '/' && >+ strncmp(r->uri, "http://" , 7) != 0 && >+ strncmp(r->uri, "https://", 8 )!= 0) { >+ rewritelog((r, 2, NULL, >+ "uri %s is considered a proxy security risk", >+ r->uri ? r->uri : "<null>")); >+ return ACTION_FORBIDDEN; >+ } > break; > } > >@@ -4267,7 +4284,9 @@ static int hook_uri2file(request_rec *r) > } > > if ((r->unparsed_uri[0] == '*' && r->unparsed_uri[1] == '\0') >- || !r->uri || r->uri[0] != '/') { >+ || !r->uri ) { >+ rewritelog((r, 2, NULL, "uri %s is considered a security risk", >+ r->uri ? r->uri : "<null>")); > return DECLINED; > } > >@@ -4342,6 +4361,10 @@ static int hook_uri2file(request_rec *r) > unsigned skip; > apr_size_t flen; > >+ if (rulestatus == ACTION_FORBIDDEN) { >+ return HTTP_FORBIDDEN; >+ } >+ > if (ACTION_STATUS == rulestatus) { > int n = r->status; > >@@ -4522,6 +4545,7 @@ static int hook_fixup(request_rec *r) > char *ofilename; > int is_proxyreq; > >+ > dconf = (rewrite_perdir_conf *)ap_get_module_config(r->per_dir_config, > &rewrite_module); 
> >@@ -4599,6 +4623,10 @@ static int hook_fixup(request_rec *r) > if (rulestatus) { > unsigned skip; > >+ if (rulestatus == ACTION_FORBIDDEN) { >+ return HTTP_FORBIDDEN; >+ } >+ > if (ACTION_STATUS == rulestatus) { > int n = r->status; >
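Review bot: in the apply_rewrite_list hunk (@@ -4079,6 +4080,22 @@), the new condition reads r->uri[0] without first establishing that r->uri is non-NULL, yet the rewritelog call directly below guards the same pointer with `r->uri ? r->uri : "<null>"`. The two should agree: either add `r->uri &&` ahead of `r->uri[0] != '/'` (and decide explicitly whether a NULL uri is forbidden), or drop the ternary if the pointer cannot be NULL here. The strncmp tests against "http://" and "https://" are also case-sensitive, so a URI with an uppercase scheme is forbidden; if that is intended, the comment should say so, since URI schemes are case-insensitive.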
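Review bot: in the first hook_uri2file hunk (@@ -4267,7 +4284,9 @@), removing `r->uri[0] != '/'` from the DECLINED test relaxes it for every rule, while the compensating check added in apply_rewrite_list only fires when the matched rule has RULEFLAG_PROXY set, so non-proxy rules now also process URIs that do not begin with '/'. If that wider behaviour is intended, it needs a comment here; otherwise keep the original test for non-proxy rules. The added rewritelog message is also inaccurate for this branch: it is reached for the `*` request as well, and when it is reached through `!r->uri` it can only ever print "<null>".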
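Review bot: the hook_fixup hunk at @@ -4522,6 +4545,7 @@ adds only a blank line after `int is_proxyreq;` and changes no behaviour. Drop it so the patch carries only the lines needed for the security fix.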