VladPolskiy/apache-http-server
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-07-29 12:37:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

* modules/proxy/mod_proxy_balancer.c (balancer_handler): Check Referer

Browse Source 
to improve on protection against balancer-manager XSRF attacks
  provided by the nonce.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1864695 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Joe Orton
2019-08-08 12:11:36 +00:00
parent 9fb0386653
commit ed70569bf5
1 changed files with 22 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
modules/proxy/mod_proxy_balancer.c
View File

@ -1843,6 +1843,18 @@ static void balancer_display_page(request_rec *r, proxy_server_conf *conf,
}
}
/* Returns non-zero if the Referer: header value passed matches the
* host of the request. */
static int safe_referer(request_rec *r, const char *ref)
{
apr_uri_t uri;
if (apr_uri_parse(r->pool, ref, &uri) || !uri.hostname)
return 0;
return strcmp(uri.hostname, ap_get_server_name(r)) == 0;
}
/* Manages the loadfactors and member status
* The balancer, worker and nonce are obtained from
* the request args (?b=...&w=...&nonce=....).
@ -1860,7 +1872,7 @@ static int balancer_handler(request_rec *r)
apr_table_t *params;
int i;
int ok2change = 1;
const char *name;
const char *name, *ref;
apr_status_t rv;
/* is this for us? */
@ -1920,6 +1932,15 @@ static int balancer_handler(request_rec *r)
push2table(buf, params, NULL, r->pool);
}
/* Ignore parameters if this looks like XSRF */
ref = apr_table_get(r->headers_in, "Referer");
if (apr_table_elts(params)
&& (!ref || !safe_referer(r, ref))) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10187)
"ignoring params in balancer-manager cross-site access");
apr_table_clear(params);
}
/* Process the parameters */
if ((name = apr_table_get(params, "b")))
bsel = ap_proxy_get_balancer(r->pool, conf,