short-circuit some kinds of looping in RewriteRule.

PR60478

Submitted By: Jeff Wheelouse <apache wheelhouse.org>
Committed By: covener


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1774288 13f79535-47bb-0310-9956-ffa450edef68

1 files changed, 11 insertions, 0 deletions

diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c
index 2abb32e8d5..e026f38ca3 100644
--- a/modules/mappers/mod_rewrite.c
+++ b/modules/mappers/mod_rewrite.c
@@ -4350,6 +4350,17 @@ static int apply_rewrite_list(request_rec *r, apr_array_header_t *rewriterules,
         rc = apply_rewrite_rule(p, ctx);
 
         if (rc) {
+
+            /* Catch looping rules with pathinfo growing unbounded */
+            if ( strlen( r->filename ) > 2*r->server->limit_req_line ) {
+                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                              "RewriteRule '%s' and URI '%s' "
+                              "exceeded maximum length (%d)", 
+                              p->pattern, r->uri, 2*r->server->limit_req_line );
+                r->status = HTTP_INTERNAL_SERVER_ERROR;
+                return ACTION_STATUS;
+            }
+
             /* Regardless of what we do next, we've found a match. Check to see
              * if any of the request header fields were involved, and add them
              * to the Vary field of the response.