httpd/backport-CVE-2024-38473-fix-comparsion-of-local-path.patch

From cc00cf6b4e37370897daddc307bf1deecf8fedfa Mon Sep 17 00:00:00 2001
From: Eric Covener <covener@apache.org>
Date: Tue, 25 Jun 2024 20:20:05 +0000
Subject: [PATCH] Merge r1918623 from trunk:

fix comparison of local path on Windows

Submitted By: Yann Ylavic


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1918625 13f79535-47bb-0310-9956-ffa450edef68

Conflict:NA
Reference:https://github.com/apache/httpd/commit/cc00cf6b4e37370897daddc307bf1deecf8fedfa

---
 modules/mappers/mod_rewrite.c | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c
index a231b7c..6076cc2 100644
--- a/modules/mappers/mod_rewrite.c
+++ b/modules/mappers/mod_rewrite.c
@@ -642,6 +642,19 @@ static unsigned is_absolute_uri(char *uri, int *supportsqs)
     return 0;
 }
 
+static int is_absolute_path(const char *path)
+{
+#ifndef WIN32
+    return (path[0] == '/');
+#else
+#define IS_SLASH(c) ((c) == '/' || (c) == '\\')
+    /* "//", "\\", "x:/" and "x:\" are absolute paths on Windows */
+    return ((IS_SLASH(path[0]) && path[1] == path[0])
+            || (apr_isalpha(path[0]) && path[1] == ':' && IS_SLASH(path[2])));
+#undef IS_SLASH
+#endif
+}
+
 static const char c2x_table[] = "0123456789abcdef";
 
 static APR_INLINE unsigned char *c2x(unsigned what, unsigned char prefix,
@@ -4284,7 +4297,9 @@ static int apply_rewrite_rule(rewriterule_entry *p, rewrite_ctx *ctx)
      * (1) it's an absolute URL path and
      * (2) it's a full qualified URL
      */
-    if (!is_proxyreq && *newuri != '/' && !is_absolute_uri(newuri, NULL)) {
+    if (!is_proxyreq
+        && !is_absolute_path(newuri)
+        && !is_absolute_uri(newuri, NULL)) {
         if (ctx->perdir) {
             rewritelog((r, 3, ctx->perdir, "add per-dir prefix: %s -> %s%s",
                        newuri, ctx->perdir, newuri));
-- 
2.33.0
fix some CVEs 2024-07-08 17:08:18 +08:00			`From cc00cf6b4e37370897daddc307bf1deecf8fedfa Mon Sep 17 00:00:00 2001`
			`From: Eric Covener <covener@apache.org>`
			`Date: Tue, 25 Jun 2024 20:20:05 +0000`
			`Subject: [PATCH] Merge r1918623 from trunk:`

			`fix comparison of local path on Windows`

			`Submitted By: Yann Ylavic`



			`git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1918625 13f79535-47bb-0310-9956-ffa450edef68`

			`Conflict:NA`
			`Reference:https://github.com/apache/httpd/commit/cc00cf6b4e37370897daddc307bf1deecf8fedfa`

			`---`
			`modules/mappers/mod_rewrite.c \| 17 ++++++++++++++++-`
			`1 file changed, 16 insertions(+), 1 deletion(-)`

			`diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c`
			`index a231b7c..6076cc2 100644`
			`--- a/modules/mappers/mod_rewrite.c`
			`+++ b/modules/mappers/mod_rewrite.c`
			`@@ -642,6 +642,19 @@ static unsigned is_absolute_uri(char uri, int supportsqs)`
			`return 0;`
			`}`

			`+static int is_absolute_path(const char *path)`
			`+{`
			`+#ifndef WIN32`
			`+ return (path[0] == '/');`
			`+#else`
			`+#define IS_SLASH(c) ((c) == '/' \|\| (c) == '\\')`
			`+ /* "//", "\\", "x:/" and "x:\" are absolute paths on Windows */`
			`+ return ((IS_SLASH(path[0]) && path[1] == path[0])`
			`+ \|\| (apr_isalpha(path[0]) && path[1] == ':' && IS_SLASH(path[2])));`
			`+#undef IS_SLASH`
			`+#endif`
			`+}`
			`+`
			`static const char c2x_table[] = "0123456789abcdef";`

			`static APR_INLINE unsigned char *c2x(unsigned what, unsigned char prefix,`
			`@@ -4284,7 +4297,9 @@ static int apply_rewrite_rule(rewriterule_entry p, rewrite_ctx ctx)`
			`* (1) it's an absolute URL path and`
			`* (2) it's a full qualified URL`
			`*/`
			`- if (!is_proxyreq && *newuri != '/' && !is_absolute_uri(newuri, NULL)) {`
			`+ if (!is_proxyreq`
			`+ && !is_absolute_path(newuri)`
			`+ && !is_absolute_uri(newuri, NULL)) {`
			`if (ctx->perdir) {`
			`rewritelog((r, 3, ctx->perdir, "add per-dir prefix: %s -> %s%s",`
			`newuri, ctx->perdir, newuri));`
			`--`
			`2.33.0`