Commit 45b12d4d authored by Eric Covener

Merge r1774288 from trunk:

short-circuit some kinds of looping in RewriteRule.

PR60478

Submitted By: Jeff Wheelhouse <apache wheelhouse.org>
Committed By: covener



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1774352 13f79535-47bb-0310-9956-ffa450edef68
parent 11b11b33
+5 −1
@@ -33,6 +33,10 @@ Changes with Apache 2.4.24
     pollution by malicious clients, upstream servers or faulty modules.
     [Stefan Fritsch, Eric Covener, Yann Ylavic]

  *) mod_rewrite: Limit runaway memory use by short circuiting some kinds of
     looping RewriteRules when the local path significantly exceeds 
     LimitRequestLine.  PR 60478. [Jeff Wheelhouse <apache wheelhouse.org>]

  *) mod_ratelimit: Allow for initial "burst" amount at full speed before
     throttling: PR 60145 [Andy Valencia <ajv-etradanalhos vsta.org>,
     Jim Jagielski]
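
Review bot: The new mod_rewrite entry says the short circuit applies when the local path "significantly exceeds LimitRequestLine", but the check added in this commit fires at a fixed factor, strlen(r->filename) > 2*r->server->limit_req_line, and ends the request with HTTP_INTERNAL_SERVER_ERROR. Saying "exceeds twice LimitRequestLine" and naming the 500 response would tell administrators exactly when to expect the error and which directive to adjust. The line ending in "significantly exceeds" also carries trailing whitespace.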
+0 −6
@@ -119,12 +119,6 @@ RELEASE SHOWSTOPPERS:
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
  [ start all new proposals below, under PATCHES PROPOSED. ]

  *) Limit some kinds of rewrite looping. PR60478
     trunk patch: http://svn.apache.org/r1774288.
     2.4.x patch: trunk works
     +1: covener, ylavic, jchampion


PATCHES PROPOSED TO BACKPORT FROM TRUNK:
  [ New proposals should be added at the end of the list ]

+11 −0
@@ -4295,6 +4295,17 @@ static int apply_rewrite_list(request_rec *r, apr_array_header_t *rewriterules,
        rc = apply_rewrite_rule(p, ctx);

        if (rc) {

            /* Catch looping rules with pathinfo growing unbounded */
            if ( strlen( r->filename ) > 2*r->server->limit_req_line ) {
                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                              "RewriteRule '%s' and URI '%s' "
                              "exceeded maximum length (%d)", 
                              p->pattern, r->uri, 2*r->server->limit_req_line );
                r->status = HTTP_INTERNAL_SERVER_ERROR;
                return ACTION_STATUS;
            }

            /* Regardless of what we do next, we've found a match. Check to see
             * if any of the request header fields were involved, and add them
             * to the Vary field of the response.
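
Review bot: The condition in the new block measures strlen(r->filename), but the error message reports p->pattern and r->uri as having "exceeded maximum length", so the logged URI can be short while the value that actually tripped the limit is never shown. Logging the length of r->filename (or a bounded prefix of it, since by definition it is more than twice LimitRequestLine long) would make the log entry usable when tracking down the looping rule. The comparison also mixes the size_t returned by strlen() with the int expression 2*r->server->limit_req_line (the same expression is printed with %d); computing the limit once into a named local with an explicit cast would remove the signed/unsigned comparison and give the factor of 2 a name and a comment explaining why it was chosen. Style: the padding inside the parentheses in "if ( strlen( r->filename ) > ..." differs from the surrounding "if (rc) {", and the "exceeded maximum length (%d)", line ends with trailing whitespace.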