[packages/apache.git] / httpd-2.0.46-davbadfrag.patch

--- httpd-2.0.46/modules/dav/main/mod_dav.c.davbadfrag
+++ httpd-2.0.46/modules/dav/main/mod_dav.c
@@ -4537,6 +4537,16 @@
     if (strcmp(r->handler, DAV_HANDLER_NAME) != 0)
         return DECLINED;
 
+    /* Reject requests with an unescaped hash character, as these may
+     * be more destructive than the user intended. */
+    if (r->parsed_uri.fragment != NULL) {
+        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                     "buggy client used un-escaped hash in Request-URI");
+        return dav_error_response(r, HTTP_BAD_REQUEST, 
+                                  "The request was invalid: the URI included "
+                                  "an un-escaped hash character");
+    }
+
     /* ### do we need to do anything with r->proxyreq ?? */
 
     /*
Commit	Line	Data
0e467b1f AM	1	--- httpd-2.0.46/modules/dav/main/mod_dav.c.davbadfrag
	2	+++ httpd-2.0.46/modules/dav/main/mod_dav.c
	3	@@ -4537,6 +4537,16 @@
	4	if (strcmp(r->handler, DAV_HANDLER_NAME) != 0)
	5	return DECLINED;
	6
	7	+ /* Reject requests with an unescaped hash character, as these may
	8	+ * be more destructive than the user intended. */
	9	+ if (r->parsed_uri.fragment != NULL) {
	10	+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
	11	+ "buggy client used un-escaped hash in Request-URI");
	12	+ return dav_error_response(r, HTTP_BAD_REQUEST,
	13	+ "The request was invalid: the URI included "
	14	+ "an un-escaped hash character");
	15	+ }
	16	+
	17	/* ### do we need to do anything with r->proxyreq ?? */
	18
	19	/*