On Tue, Dec 14, 2021 at 6:11 PM Roy T. Fielding <[email protected]> wrote:
>
> I am pretty sure that this isn't correct, or at least seems like overkill.
> We should definitely block unix: from being forwarded, but why would
> we want to block things like a urn: resolver?
Oh I realize now that you are probably talking about the below hunk here:
--- httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy.c (original)
+++ httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy.c Tue Dec 14
15:35:56 2021
@@ -775,13 +775,13 @@ static int proxy_detect(request_rec *r)
/* Ick... msvc (perhaps others) promotes ternary short results to int */
- if (conf->req && r->parsed_uri.scheme) {
+ if (conf->req && r->parsed_uri.scheme && r->parsed_uri.hostname) {
/* but it might be something vhosted */
- if (!(r->parsed_uri.hostname
- && !ap_cstr_casecmp(r->parsed_uri.scheme, ap_http_scheme(r))
- && ap_matches_request_vhost(r, r->parsed_uri.hostname,
-
(apr_port_t)(r->parsed_uri.port_str ? r->parsed_uri.port
- :
ap_default_port(r))))) {
+ if (ap_cstr_casecmp(r->parsed_uri.scheme, ap_http_scheme(r)) != 0
+ || !ap_matches_request_vhost(r, r->parsed_uri.hostname,
+ (apr_port_t)(r->parsed_uri.port_str
+ ? r->parsed_uri.port
+ : ap_default_port(r)))) {
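Review bot: The added `&& r->parsed_uri.hostname` in the outer condition of proxy_detect() now gates the whole branch on a hostname being present, whereas the removed lines consulted the hostname only as part of the vhost-match test. A request URI with a scheme but no authority part (the `urn:` case raised in this thread) therefore never enters this branch, regardless of which module might have handled that scheme. Consider leaving the outer test as `conf->req && r->parsed_uri.scheme`, keeping the NULL-hostname guard next to the `ap_matches_request_vhost()` call, and rejecting a missing hostname in the individual scheme handlers that actually need one. A short comment stating why the hostname is or is not required at this point would also help the next reader.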
And indeed this breaks a potential forward proxy module which would
handle an "urn:" like scheme.
We'd better check for a hostname in *our* proxy modules only, where it's needed.
Thanks;
Yann.