On 3/2/21 9:50 PM, yla...@apache.org wrote:
> Author: ylavic
> Date: Tue Mar  2 20:50:40 2021
> New Revision: 1887118
> 
> URL: http://svn.apache.org/viewvc?rev=1887118&view=rev
> Log:
> Merge r1886141, r1886151 from trunk:
> 
> * We need to check for (!scheme && (u = strchr(url, ':')) && (u - url) > 14)
>   later as (!scheme || u[0] != '/' || u[1] != '/' || u[2] == '\0') is true
>   for requests with the CONNECT method which we need to decline. But in many
>   cases requests with the CONNECT method have (u - url) > 14 as in this
>   case (u - url) is the length of the FQDN the forward proxy should connect
>   to.
> 
> 
> mod_proxy_http: follow up to r1886141, axe overlong scheme check.
> 
> Since mod_proxy can see CONNECT URIs, "hostname:port" versus "scheme:"
> is hardly distinguishable (we don't want to limit the length of hostnames),
> and we don't allocate the scheme anymore while parsing, let's simply decline
> unrecognized schemes (overlong or not) and be caught by the no-handler case
> if there really is no proxy handler interested.
> 
> 
> Submitted by: rpluem, ylavic
> Reviewed by: ylavic, covener, icing
> 
> Modified:
>     httpd/httpd/branches/2.4.x/   (props changed)
>     httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_http.c
>     httpd/httpd/branches/2.4.x/server/core_filters.c


I think the change to core_filters.c is unrelated.

Regards

Rüdiger
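
An added example, not httpd's code and not part of the original message: a C sketch of the two conditions quoted in the log, showing why running the overlong test first rejects a CONNECT `hostname:port` target while simply declining unrecognized schemes does not. `known_scheme`, the `RES_*` codes (including 400 for the overlong case) and the sample URLs are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed result codes for this sketch, not httpd's own constants;
 * the 400 for the overlong case is an assumption. */
enum { RES_DECLINED = -1, RES_OK = 0, RES_BAD_REQUEST = 400 };

/* Hypothetical stand-in for the handler's scheme lookup: recognises only
 * "http:" and "https:" and leaves *rest just past the colon. */
static const char *known_scheme(const char *url, const char **rest)
{
    if (strncmp(url, "https:", 6) == 0) { *rest = url + 6; return "https"; }
    if (strncmp(url, "http:", 5) == 0)  { *rest = url + 5; return "http"; }
    *rest = url;
    return NULL;
}

/* Ordering the log describes as the problem: the overlong test runs first,
 * so a CONNECT target whose hostname exceeds 14 bytes never gets declined. */
int overlong_check_first(const char *url)
{
    const char *u, *scheme = known_scheme(url, &u);
    if (!scheme && (u = strchr(url, ':')) && (u - url) > 14)
        return RES_BAD_REQUEST;
    if (!scheme || u[0] != '/' || u[1] != '/' || u[2] == '\0')
        return RES_DECLINED;
    return RES_OK;
}

/* State after the follow-up: no length test, unrecognized schemes are
 * declined so another handler can take the request. */
int decline_unrecognized(const char *url)
{
    const char *u, *scheme = known_scheme(url, &u);
    if (!scheme || u[0] != '/' || u[1] != '/' || u[2] == '\0')
        return RES_DECLINED;
    return RES_OK;
}

int main(void)
{
    /* Constructed inputs: two CONNECT-style targets and one http URL. */
    const char *urls[] = { "a-long-proxy-target.example.test:443",
                           "short.test:443", "http://backend.example.test/" };
    for (size_t i = 0; i < sizeof urls / sizeof urls[0]; i++)
        printf("%-40s first=%d after=%d\n", urls[i],
               overlong_check_first(urls[i]), decline_unrecognized(urls[i]));
    return 0;
}
```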
