serv/caddy
1
0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2024-12-26 13:43:47 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

fastcgi: Protect against requests with null bytes in the path (#4614)

Browse source
This commit is contained in:
Francis Lavoie 2022-03-07 12:06:33 -05:00 committed by GitHub
parent ab0455922a
commit c8f2834b51
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go
View file

@ -110,6 +110,13 @@ func (t *Transport) Provision(ctx caddy.Context) error {
// RoundTrip implements http.RoundTripper.
func (t Transport) RoundTrip(r *http.Request) (*http.Response, error) {
// Disallow null bytes in the request path, because
// PHP upstreams may do bad things, like execute a
// non-PHP file as PHP code. See #4574
if strings.Contains(r.URL.Path, "\x00") {
return nil, caddyhttp.Error(http.StatusBadRequest, fmt.Errorf("invalid request path"))
}
env, err := t.buildEnv(r)
if err != nil {
return nil, fmt.Errorf("building environment: %v", err)