author | Leonardo Arena <rnalrd@alpinelinux.org> | 2011-11-28 12:00:52 +0000 |
---|---|---|
committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2011-11-28 12:00:58 +0000 |
commit | 9f987f8ab1533bc6cdb29f36f144101bae980efe (patch) | |
tree | 2d1ffc693975562e192120be2ef9c03a3f58a125 /main/apache2/CVE-2011-4317.patch | |
parent | 626d0dde97b9a73e295e7fd556b7c575ee7cbddd (diff) | |
main/apache2: security hotfix #844 (CVE-2011-4317)
Diffstat (limited to 'main/apache2/CVE-2011-4317.patch')
-rw-r--r-- | main/apache2/CVE-2011-4317.patch | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/main/apache2/CVE-2011-4317.patch b/main/apache2/CVE-2011-4317.patch
new file mode 100644
index 0000000000..698b2eb7ab
--- /dev/null
+++ b/main/apache2/CVE-2011-4317.patch
@@ -0,0 +1,36 @@
+Index: modules/proxy/mod_proxy.c
+===================================================================
+--- httpd-2.2.21/modules/proxy/mod_proxy.c (revision 1179633)
++++ httpd-2.2.21/modules/proxy/mod_proxy.c (working copy)
+@@ -566,6 +566,13 @@
+ return OK;
+ }
+
++ /* Check that the URI is valid. */
++ if (!r->uri || r->uri[0] != '/') {
++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
++ "Invalid URI in request %s", r->the_request);
++ return HTTP_BAD_REQUEST;
++ }
++
+ /* XXX: since r->uri has been manipulated already we're not really
+ * compliant with RFC1945 at this point. But this probably isn't
+ * an issue because this is a hybrid proxy/origin server.
+Index: modules/mappers/mod_rewrite.c
+===================================================================
+--- httpd-2.2.21/modules/mappers/mod_rewrite.c (revision 1179633)
++++ httpd-2.2.21/modules/mappers/mod_rewrite.c (working copy)
+@@ -4266,6 +4266,13 @@
+ return DECLINED;
+ }
+
++ /* Check that the URI is valid. */
++ if (!r->uri || r->uri[0] != '/') {
++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
++ "Invalid URI in request %s", r->the_request);
++ return HTTP_BAD_REQUEST;
++ }
++
+ /*
+ * add the SCRIPT_URL variable to the env. this is a bit complicated
+ * due to the fact that apache uses subrequests and internal redirects |
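Review bot: The guard added in both embedded hunks (mod_proxy.c and mod_rewrite.c) answers 400 for every request whose `r->uri` does not start with `/`, which would presumably also reject the legitimate asterisk-form target of `OPTIONS *` whenever either hook runs. Consider letting that one form fall through to the next handler before the check, e.g. `if (r->uri && r->uri[0] == '*' && r->uri[1] == '\0') return DECLINED;`, and keep the 400 for everything else. The comment `/* Check that the URI is valid. */` does not say why the check sits here; something like `/* r->uri must be an absolute path before it is matched against ProxyPass/RewriteRule patterns (CVE-2011-4317) */` would keep a later refactor from moving or dropping it. `r->the_request` is client-controlled text going into the error log, so it is worth confirming the build keeps error-log escaping enabled. Both enclosing functions start and end outside the hunks, so the earlier `return OK` / `return DECLINED` paths that bypass this check cannot be reviewed from here.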