* In the reverse proxy case when we only want to keep encoded slashes untouched

we can have decoded '%''s in the URI that got sent to us in the original URL as %25. Don't error out in this case but just fall through and have them encoded to %25 when forwarding to the backend. PR: 66580 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1909464 13f79535-47bb-0310-9956-ffa450edef68
2025-08-15 23:27:39 +00:00 · 2023-04-28 06:20:27 +00:00
parent 10b15a816d
commit 9b1964bf45
2 changed files with 32 additions and 19 deletions
--- a/changes-entries/pr66580.txt
+++ b/changes-entries/pr66580.txt
@ -0,0 +1,3 @@
+  *) mod_proxy: In case that AllowEncodedSlashes is set to NoDecode do not
+     fail on literal '%' when doing the encoding of the backend URL.
+     PR 66580 [Ruediger Pluem]
--- a/modules/proxy/proxy_util.c
+++ b/modules/proxy/proxy_util.c
@ -260,27 +260,37 @@ PROXY_DECLARE(char *)ap_proxy_canonenc_ex(apr_pool_t *p, const char *x, int len,
 */
        if ((forcedec || noencslashesenc
            || (proxyreq && proxyreq != PROXYREQ_REVERSE)) && ch == '%') {
-            if (!apr_isxdigit(x[i + 1]) || !apr_isxdigit(x[i + 2])) {
+            if (apr_isxdigit(x[i + 1]) && apr_isxdigit(x[i + 2])) {
+                ch = ap_proxy_hex2c(&x[i + 1]);
+                if (ch != 0 && strchr(reserved, ch)) {  /* keep it encoded */
+                    y[j++] = x[i++];
+                    y[j++] = x[i++];
+                    y[j] = x[i];
+                    continue;
+                }
+                if (noencslashesenc && !forcedec && (proxyreq == PROXYREQ_REVERSE)) {
+                    /*
+                     * In the reverse proxy case when we only want to keep encoded
+                     * slashes untouched revert back to '%' which will cause
+                     * '%' to be encoded in the following.
+                     */
+                    ch = '%';
+                }
+                else {
+                    i += 2;
+                }
+            }
+            /*
+             * In the reverse proxy case when we only want to keep encoded
+             * slashes untouched we can have decoded '%''s in the URI that got
+             * sent to us in the original URL as %25.
+             * Don't error out in this case but just fall through and have them
+             * encoded to %25 when forwarding to the backend.
+             */
+            else if (!noencslashesenc || forcedec
+                     || (proxyreq && proxyreq != PROXYREQ_REVERSE)) {
                return NULL;
            }
-            ch = ap_proxy_hex2c(&x[i + 1]);
-            if (ch != 0 && strchr(reserved, ch)) {  /* keep it encoded */
-                y[j++] = x[i++];
-                y[j++] = x[i++];
-                y[j] = x[i];
-                continue;
-            }
-            if (noencslashesenc && !forcedec && (proxyreq == PROXYREQ_REVERSE)) {
-                /*
-                 * In the reverse proxy case when we only want to keep encoded
-                 * slashes untouched revert back to '%' which will cause
-                 * '%' to be encoded in the following.
-                 */
-                ch = '%';
-            }
-            else {
-                i += 2;
-            }
        }
 /* recode it, if necessary */
        if (!apr_isalnum(ch) && !strchr(allowed, ch)) {