httpd/backport-CVE-2021-36160.patch


From b364cad72b48dd40fbc2850e525b845406520f0b Mon Sep 17 00:00:00 2001
From: Yann Ylavic <ylavic@apache.org>
Date: Thu, 2 Sep 2021 09:53:43 +0000
Subject: [PATCH] mod_proxy_uwsgi: Fix PATH_INFO setting for generic worker.
When the generic "proxy:reverse" worker is selected for an uwsgi scheme, the
worker name is irrelevant so uwsgi_handler() should point to the PATH_INFO
directly from the given URL.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1892805 13f79535-47bb-0310-9956-ffa450edef68
---
changes-entries/uwsgi_path_info.txt | 1 +
modules/proxy/mod_proxy_uwsgi.c | 22 +++++-----------------
1 files changed, 5 insertions(+), 17 deletions(-)
create mode 100644 changes-entries/uwsgi_path_info.txt
diff --git a/modules/proxy/mod_proxy_uwsgi.c b/modules/proxy/mod_proxy_uwsgi.c
index 7723d7b5c4f..971eaa59dc0 100644
--- a/modules/proxy/mod_proxy_uwsgi.c
+++ b/modules/proxy/mod_proxy_uwsgi.c
@@ -456,11 +456,8 @@ static int uwsgi_handler(request_rec *r, proxy_worker * worker,
const char *proxyname, apr_port_t proxyport)
{
int status;
- int delta = 0;
- int decode_status;
proxy_conn_rec *backend = NULL;
apr_pool_t *p = r->pool;
- size_t w_len;
char server_portstr[32];
char *u_path_info;
apr_uri_t *uri;
@@ -472,23 +469,14 @@ static int uwsgi_handler(request_rec *r, proxy_worker * worker,
uri = apr_palloc(r->pool, sizeof(*uri));
- /* ADD PATH_INFO */
-#if AP_MODULE_MAGIC_AT_LEAST(20111130,0)
- w_len = strlen(worker->s->name);
-#else
- w_len = strlen(worker->name);
-#endif
- u_path_info = r->filename + 6 + w_len;
- if (u_path_info[0] != '/') {
- delta = 1;
- }
- decode_status = ap_unescape_url(url + w_len - delta);
- if (decode_status) {
+ /* ADD PATH_INFO (unescaped) */
+ u_path_info = ap_strchr(url + sizeof(UWSGI_SCHEME) + 2, '/');
+ if (!u_path_info || ap_unescape_url(u_path_info) != OK) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10100)
- "unable to decode uri: %s", url + w_len - delta);
+ "unable to decode uwsgi uri: %s", url);
return HTTP_INTERNAL_SERVER_ERROR;
}
- apr_table_add(r->subprocess_env, "PATH_INFO", url + w_len - delta);
+ apr_table_add(r->subprocess_env, "PATH_INFO", u_path_info);
/* Create space for state information */
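Review bot: The start offset in `ap_strchr(url + sizeof(UWSGI_SCHEME) + 2, '/')` stays inside the string only if `url` is already known to begin with the scheme followed by `://`. That check is not visible in this hunk (uwsgi_handler starts before it and continues after it), so a comment such as `/* url was verified above to start with UWSGI_SCHEME "://" */` would keep a later refactor from bringing back an unchecked offset like the removed `url + w_len - delta`. The combined test `!u_path_info || ap_unescape_url(u_path_info) != OK` also merges two different failures: a URL with no `/` after the authority is logged as "unable to decode uwsgi uri", and a malformed escape from the client is reported as HTTP_INTERNAL_SERVER_ERROR. Consider logging the missing-path case on its own and returning the status that `ap_unescape_url()` produced for the decode failure, provided the callers accept a 4xx from this handler.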