apache2/apache2-CVE-2024-38477.patch

--- a/modules/proxy/proxy_util.c	2024/06/25 17:29:06	1918606
+++ b/modules/proxy/proxy_util.c	2024/06/25 17:29:32	1918607
@@ -3113,6 +3113,13 @@
                              apr_pstrcat(p,"URI cannot be parsed: ", *url,
                                          NULL));
     }
+
+    if (!uri->hostname) {
+        return ap_proxyerror(r, HTTP_BAD_REQUEST,
+                             apr_pstrcat(p,"URI has no hostname: ", *url,
+                                         NULL));
+    }
+
     if (!uri->port) {
         uri->port = ap_proxy_port_of_scheme(uri->scheme);
     }
@@ -4496,6 +4503,10 @@
 
     /* Compute Host header */
     if (dconf->preserve_host == 0) {
+        if (!uri->hostname) {
+            rc = HTTP_BAD_REQUEST;
+            goto cleanup;
+        }
         if (ap_strchr_c(uri->hostname, ':')) { /* if literal IPv6 address */
             if (uri->port_str && uri->port != DEFAULT_HTTP_PORT) {
                 host = apr_pstrcat(r->pool, "[", uri->hostname, "]:",
Sync from SUSE:SLFO:Main apache2 revision 9e01fea60a3a8374c1b97284c3acb7d0 2024-07-22 16:58:02 +02:00			`--- a/modules/proxy/proxy_util.c 2024/06/25 17:29:06 1918606`
			`+++ b/modules/proxy/proxy_util.c 2024/06/25 17:29:32 1918607`
			`@@ -3113,6 +3113,13 @@`
			`apr_pstrcat(p,"URI cannot be parsed: ", *url,`
			`NULL));`
			`}`
			`+`
			`+ if (!uri->hostname) {`
			`+ return ap_proxyerror(r, HTTP_BAD_REQUEST,`
			`+ apr_pstrcat(p,"URI has no hostname: ", *url,`
			`+ NULL));`
			`+ }`
			`+`
			`if (!uri->port) {`
			`uri->port = ap_proxy_port_of_scheme(uri->scheme);`
			`}`
			`@@ -4496,6 +4503,10 @@`

			`/* Compute Host header */`
			`if (dconf->preserve_host == 0) {`
			`+ if (!uri->hostname) {`
			`+ rc = HTTP_BAD_REQUEST;`
			`+ goto cleanup;`
			`+ }`
			`if (ap_strchr_c(uri->hostname, ':')) { /* if literal IPv6 address */`
			`if (uri->port_str && uri->port != DEFAULT_HTTP_PORT) {`
			`host = apr_pstrcat(r->pool, "[", uri->hostname, "]:",`