On 2/2/21 11:32 AM, Ruediger Pluem wrote:
> 
> 
> On 1/7/21 2:19 PM, yla...@apache.org wrote:
>> Author: ylavic
>> Date: Thu Jan  7 13:19:08 2021
>> New Revision: 1885239

>> Modified: httpd/httpd/trunk/modules/proxy/mod_proxy_http.c
>> URL: 
>> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?rev=1885239&r1=1885238&r2=1885239&view=diff
>> ==============================================================================
>> --- httpd/httpd/trunk/modules/proxy/mod_proxy_http.c (original)
>> +++ httpd/httpd/trunk/modules/proxy/mod_proxy_http.c Thu Jan  7 13:19:08 2021

>> @@ -1840,9 +1877,8 @@ static int proxy_http_handler(request_re
>>                                apr_port_t proxyport)
>>  {
>>      int status;
>> -    char *scheme;
>> -    const char *proxy_function;
>> -    const char *u;
>> +    const char *scheme;
>> +    const char *u = url;
>>      proxy_http_req_t *req = NULL;
>>      proxy_conn_rec *backend = NULL;
>>      apr_bucket_brigade *input_brigade = NULL;
>> @@ -1860,41 +1896,31 @@ static int proxy_http_handler(request_re
>>      apr_pool_t *p = r->pool;
>>      apr_uri_t *uri;
>>  
>> -    /* find the scheme */
>> -    u = strchr(url, ':');
>> -    if (u == NULL || u[1] != '/' || u[2] != '/' || u[3] == '\0')
>> +    scheme = get_url_scheme(&u, &is_ssl);
>> +    if (!scheme && proxyname && strncasecmp(url, "ftp:", 4) == 0) {
>> +        u = url + 4;
>> +        scheme = "ftp";
>> +        is_ssl = 0;
>> +    }
>> +    if (!scheme || u[0] != '/' || u[1] != '/' || u[2] == '\0') {
>> +        if (!scheme && (u = strchr(url, ':')) && (u - url) > 14) {
>> +            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10262)
>> +                          "overlong proxy URL scheme in %s", url);
>> +            return HTTP_BAD_REQUEST;
>> +        }
> 
> This breaks forward proxies with the CONNECT method.
> For CONNECT somwhere123456789.com:443 the scheme is NULL and u[0] is 's' and 
> hence != '/'.
> 
> The following patch fixes this:
> 
> Index: mod_proxy_http.c
> ===================================================================
> --- mod_proxy_http.c  (revision 1886120)
> +++ mod_proxy_http.c  (working copy)
> @@ -1903,15 +1903,15 @@
>          is_ssl = 0;
>      }
>      if (!scheme || u[0] != '/' || u[1] != '/' || u[2] == '\0') {
> -        if (!scheme && (u = strchr(url, ':')) && (u - url) > 14) {
> -            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10262)
> -                          "overlong proxy URL scheme in %s", url);
> -            return HTTP_BAD_REQUEST;
> -        }
>          ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01113)
>                        "HTTP: declining URL %s", url);
>          return DECLINED; /* only interested in HTTP, WS or FTP via proxy */
>      }
> +    if (!scheme && (u = strchr(url, ':')) && (u - url) > 14) {
> +        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10262)
> +                      "overlong proxy URL scheme in %s", url);
> +        return HTTP_BAD_REQUEST;
> +    }
>      if (is_ssl && !ap_proxy_ssl_enable(NULL)) {
>          ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01112)
>                        "HTTP: declining URL %s (mod_ssl not configured?)", 
> url);
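Review bot: The relocated `if (!scheme && (u = strchr(url, ':')) && (u - url) > 14)` block can never execute: every `!scheme` path has already returned DECLINED from the `if (!scheme || u[0] != '/' ...)` block directly above it, so the APLOGNO(10262) rejection becomes dead code and is effectively deleted rather than fixed. The breakage for CONNECT comes from `strchr(url, ':')` matching the host:port colon, so if the overlong-scheme rejection is worth keeping it should stay inside the declining block but only fire when the colon is a scheme separator, e.g. `if (!scheme && (u = strchr(url, ':')) && u[1] == '/' && u[2] == '/' && (u - url) > 14) {`. A one-line comment above that check explaining where the limit of 14 comes from would also help, since the constant is unexplained in this hunk. proxy_http_handler starts before the hunk, and whether a bare host:port URL should reach it for CONNECT is decided by the caller, which is not visible here.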
> 
> Unfortunately this has been already backported in r1885605 and hence 2.4.x is 
> now broken as well.
> 

And it looks like the test suite has no forward proxy tests at all, which is 
why the test framework did not catch this.

Regards

Rüdiger
