summaryrefslogtreecommitdiffstats
path: root/debian/patches/CVE-2021-30641.patch
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-07 02:04:07 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-07 02:04:07 +0000
commit1221c736f9a90756d47ea6d28320b6b83602dd2a (patch)
treeb453ba7b1393205258c9b098a773b4330984672f /debian/patches/CVE-2021-30641.patch
parentAdding upstream version 2.4.38. (diff)
downloadapache2-1221c736f9a90756d47ea6d28320b6b83602dd2a.tar.xz
apache2-1221c736f9a90756d47ea6d28320b6b83602dd2a.zip
Adding debian version 2.4.38-3+deb10u8.debian/2.4.38-3+deb10u8
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches/CVE-2021-30641.patch')
-rw-r--r--debian/patches/CVE-2021-30641.patch50
1 files changed, 50 insertions, 0 deletions
diff --git a/debian/patches/CVE-2021-30641.patch b/debian/patches/CVE-2021-30641.patch
new file mode 100644
index 0000000..7486e1b
--- /dev/null
+++ b/debian/patches/CVE-2021-30641.patch
@@ -0,0 +1,50 @@
+Description: legacy default slash-matching behavior w/ 'MergeSlashes OFF'
+Author: Apache authors
+Origin: upstream, https://github.com/apache/httpd/commit/eb986059
+Bug: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-30641
+Forwarded: not-needed
+Reviewed-By: Yadd <yadd@debian.org>
+Last-Update: 2021-06-10
+
+--- a/server/request.c
++++ b/server/request.c
+@@ -1419,7 +1419,20 @@
+
+ cache = prep_walk_cache(AP_NOTE_LOCATION_WALK, r);
+ cached = (cache->cached != NULL);
+- entry_uri = r->uri;
++
++ /*
++ * When merge_slashes is set to AP_CORE_CONFIG_OFF the slashes in r->uri
++ * have not been merged. But for Location walks we always go with merged
++ * slashes no matter what merge_slashes is set to.
++ */
++ if (sconf->merge_slashes != AP_CORE_CONFIG_OFF) {
++ entry_uri = r->uri;
++ }
++ else {
++ char *uri = apr_pstrdup(r->pool, r->uri);
++ ap_no2slash(uri);
++ entry_uri = uri;
++ }
+
+ /* If we have an cache->cached location that matches r->uri,
+ * and the vhost's list of locations hasn't changed, we can skip
+@@ -1486,7 +1499,7 @@
+ pmatch = apr_palloc(rxpool, nmatch*sizeof(ap_regmatch_t));
+ }
+
+- if (ap_regexec(entry_core->r, entry_uri, nmatch, pmatch, 0)) {
++ if (ap_regexec(entry_core->r, r->uri, nmatch, pmatch, 0)) {
+ continue;
+ }
+
+@@ -1496,7 +1509,7 @@
+ apr_table_setn(r->subprocess_env,
+ ((const char **)entry_core->refs->elts)[i],
+ apr_pstrndup(r->pool,
+- entry_uri + pmatch[i].rm_so,
++ r->uri + pmatch[i].rm_so,
+ pmatch[i].rm_eo - pmatch[i].rm_so));
+ }
+ }