summaryrefslogtreecommitdiffstats
path: root/debian/patches/0053-CVE-2023-25690-1.patch
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-25 04:41:28 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-25 04:41:28 +0000
commit2eeb62e38ae17a3523ad3cd81c3de9f20f9e7742 (patch)
treefe91033d4712f6d836006b998525656b9dd193b8 /debian/patches/0053-CVE-2023-25690-1.patch
parentMerging upstream version 2.4.59. (diff)
downloadapache2-2eeb62e38ae17a3523ad3cd81c3de9f20f9e7742.tar.xz
apache2-2eeb62e38ae17a3523ad3cd81c3de9f20f9e7742.zip
Adding debian version 2.4.59-1~deb10u1.debian/2.4.59-1_deb10u1debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches/0053-CVE-2023-25690-1.patch')
-rw-r--r--debian/patches/0053-CVE-2023-25690-1.patch170
1 files changed, 0 insertions, 170 deletions
diff --git a/debian/patches/0053-CVE-2023-25690-1.patch b/debian/patches/0053-CVE-2023-25690-1.patch
deleted file mode 100644
index a7370c7..0000000
--- a/debian/patches/0053-CVE-2023-25690-1.patch
+++ /dev/null
@@ -1,170 +0,0 @@
-From 8789f6bb926fa4c33b4231a8444340515c82bdff Mon Sep 17 00:00:00 2001
-From: Eric Covener <covener@apache.org>
-Date: Sun, 5 Mar 2023 20:28:43 +0000
-Subject: [PATCH] [1/2] Fix CVE-2023-25690: HTTP Request Smuggling in mod_proxy*
-
- don't forward invalid query strings
-
- Submitted by: rpluem
-
-Reviewed By: covener, fielding, rpluem, gbechis
-bug: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-25690
-bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032476
-bug-debian-security: https://security-tracker.debian.org/tracker/CVE-2023-25690
-origin: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1908096 13f79535-47bb-0310-9956-ffa450edef68
-git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1908096 13f79535-47bb-0310-9956-ffa450edef68
----
- modules/http2/mod_proxy_http2.c | 10 ++++++++++
- modules/mappers/mod_rewrite.c | 22 ++++++++++++++++++++++
- modules/proxy/mod_proxy_ajp.c | 10 ++++++++++
- modules/proxy/mod_proxy_balancer.c | 10 ++++++++++
- modules/proxy/mod_proxy_http.c | 10 ++++++++++
- modules/proxy/mod_proxy_wstunnel.c | 10 ++++++++++
- 6 files changed, 72 insertions(+)
-
-diff --git a/modules/http2/mod_proxy_http2.c b/modules/http2/mod_proxy_http2.c
-index 3faf03472bb..aa299b937a5 100644
---- a/modules/http2/mod_proxy_http2.c
-+++ b/modules/http2/mod_proxy_http2.c
-@@ -158,6 +158,16 @@ static int proxy_http2_canon(request_rec *r, char *url)
- path = ap_proxy_canonenc(r->pool, url, (int)strlen(url),
- enc_path, 0, r->proxyreq);
- search = r->args;
-+ if (search && *(ap_scan_vchar_obstext(search))) {
-+ /*
-+ * We have a raw control character or a ' ' in r->args.
-+ * Correct encoding was missed.
-+ */
-+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO()
-+ "To be forwarded query string contains control "
-+ "characters or spaces");
-+ return HTTP_FORBIDDEN;
-+ }
- }
- break;
- case PROXYREQ_PROXY:
-diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c
-index 943996560e5..f6398f19386 100644
---- a/modules/mappers/mod_rewrite.c
-+++ b/modules/mappers/mod_rewrite.c
-@@ -4729,6 +4729,17 @@ static int hook_uri2file(request_rec *r)
- unsigned skip;
- apr_size_t flen;
-
-+ if (r->args && *(ap_scan_vchar_obstext(r->args))) {
-+ /*
-+ * We have a raw control character or a ' ' in r->args.
-+ * Correct encoding was missed.
-+ */
-+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10410)
-+ "Rewritten query string contains control "
-+ "characters or spaces");
-+ return HTTP_FORBIDDEN;
-+ }
-+
- if (ACTION_STATUS == rulestatus) {
- int n = r->status;
-
-@@ -5013,6 +5024,17 @@ static int hook_fixup(request_rec *r)
- if (rulestatus) {
- unsigned skip;
-
-+ if (r->args && *(ap_scan_vchar_obstext(r->args))) {
-+ /*
-+ * We have a raw control character or a ' ' in r->args.
-+ * Correct encoding was missed.
-+ */
-+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10411)
-+ "Rewritten query string contains control "
-+ "characters or spaces");
-+ return HTTP_FORBIDDEN;
-+ }
-+
- if (ACTION_STATUS == rulestatus) {
- int n = r->status;
-
-diff --git a/modules/proxy/mod_proxy_ajp.c b/modules/proxy/mod_proxy_ajp.c
-index 1449acad733..e46bd903a36 100644
---- a/modules/proxy/mod_proxy_ajp.c
-+++ b/modules/proxy/mod_proxy_ajp.c
-@@ -69,6 +69,16 @@ static int proxy_ajp_canon(request_rec *r, char *url)
- path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
- r->proxyreq);
- search = r->args;
-+ if (search && *(ap_scan_vchar_obstext(search))) {
-+ /*
-+ * We have a raw control character or a ' ' in r->args.
-+ * Correct encoding was missed.
-+ */
-+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10406)
-+ "To be forwarded query string contains control "
-+ "characters or spaces");
-+ return HTTP_FORBIDDEN;
-+ }
- }
- if (path == NULL)
- return HTTP_BAD_REQUEST;
-diff --git a/modules/proxy/mod_proxy_balancer.c b/modules/proxy/mod_proxy_balancer.c
-index f6fb6345ae3..7f990084336 100644
---- a/modules/proxy/mod_proxy_balancer.c
-+++ b/modules/proxy/mod_proxy_balancer.c
-@@ -106,6 +106,16 @@ static int proxy_balancer_canon(request_rec *r, char *url)
- path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
- r->proxyreq);
- search = r->args;
-+ if (search && *(ap_scan_vchar_obstext(search))) {
-+ /*
-+ * We have a raw control character or a ' ' in r->args.
-+ * Correct encoding was missed.
-+ */
-+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10407)
-+ "To be forwarded query string contains control "
-+ "characters or spaces");
-+ return HTTP_FORBIDDEN;
-+ }
- }
- if (path == NULL)
- return HTTP_BAD_REQUEST;
-diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c
-index ec4e7fb06b5..51d19a0a21b 100644
---- a/modules/proxy/mod_proxy_http.c
-+++ b/modules/proxy/mod_proxy_http.c
-@@ -125,6 +125,16 @@ static int proxy_http_canon(request_rec *r, char *url)
- path = ap_proxy_canonenc(r->pool, url, strlen(url),
- enc_path, 0, r->proxyreq);
- search = r->args;
-+ if (search && *(ap_scan_vchar_obstext(search))) {
-+ /*
-+ * We have a raw control character or a ' ' in r->args.
-+ * Correct encoding was missed.
-+ */
-+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10408)
-+ "To be forwarded query string contains control "
-+ "characters or spaces");
-+ return HTTP_FORBIDDEN;
-+ }
- }
- break;
- case PROXYREQ_PROXY:
-diff --git a/modules/proxy/mod_proxy_wstunnel.c b/modules/proxy/mod_proxy_wstunnel.c
-index bcbba42f9a4..88f86a49dbb 100644
---- a/modules/proxy/mod_proxy_wstunnel.c
-+++ b/modules/proxy/mod_proxy_wstunnel.c
-@@ -114,6 +114,16 @@ static int proxy_wstunnel_canon(request_rec *r, char *url)
- path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
- r->proxyreq);
- search = r->args;
-+ if (search && *(ap_scan_vchar_obstext(search))) {
-+ /*
-+ * We have a raw control character or a ' ' in r->args.
-+ * Correct encoding was missed.
-+ */
-+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10409)
-+ "To be forwarded query string contains control "
-+ "characters or spaces");
-+ return HTTP_FORBIDDEN;
-+ }
- }
- if (path == NULL)
- return HTTP_BAD_REQUEST;
-