summaryrefslogtreecommitdiffstats
path: root/debian/patches/CVE-2019-10097.patch
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--debian/patches/CVE-2019-10097.patch72
1 files changed, 0 insertions, 72 deletions
diff --git a/debian/patches/CVE-2019-10097.patch b/debian/patches/CVE-2019-10097.patch
deleted file mode 100644
index 0be05f5..0000000
--- a/debian/patches/CVE-2019-10097.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-Description: Fix for CVE-2019-10097
-Author: jorton
-Origin: upstream, https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1864613
-Bug: https://security-tracker.debian.org/tracker/CVE-2019-10097
-Forwarded: not-needed
-Reviewed-By: Xavier Guimard <yadd@debian.org>
-Last-Update: 2019-08-17
-
---- a/modules/metadata/mod_remoteip.c
-+++ b/modules/metadata/mod_remoteip.c
-@@ -987,15 +987,13 @@
- return HDR_ERROR;
- #endif
- default:
-- /* unsupported protocol, keep local connection address */
-- return HDR_DONE;
-+ /* unsupported protocol */
-+ ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(10183)
-+ "RemoteIPProxyProtocol: unsupported protocol %.2hx",
-+ (unsigned short)hdr->v2.fam);
-+ return HDR_ERROR;
- }
- break; /* we got a sockaddr now */
--
-- case 0x00: /* LOCAL command */
-- /* keep local connection address for LOCAL */
-- return HDR_DONE;
--
- default:
- /* not a supported command */
- ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(03507)
-@@ -1087,11 +1085,24 @@
- /* try to read a header's worth of data */
- while (!ctx->done) {
- if (APR_BRIGADE_EMPTY(ctx->bb)) {
-- ret = ap_get_brigade(f->next, ctx->bb, ctx->mode, block,
-- ctx->need - ctx->rcvd);
-+ apr_off_t got, want = ctx->need - ctx->rcvd;
-+
-+ ret = ap_get_brigade(f->next, ctx->bb, ctx->mode, block, want);
- if (ret != APR_SUCCESS) {
-+ ap_log_cerror(APLOG_MARK, APLOG_ERR, ret, f->c, APLOGNO(10184)
-+ "failed reading input");
- return ret;
- }
-+
-+ ret = apr_brigade_length(ctx->bb, 1, &got);
-+ if (ret || got > want) {
-+ ap_log_cerror(APLOG_MARK, APLOG_ERR, ret, f->c, APLOGNO(10185)
-+ "RemoteIPProxyProtocol header too long, "
-+ "got %" APR_OFF_T_FMT " expected %" APR_OFF_T_FMT,
-+ got, want);
-+ f->c->aborted = 1;
-+ return APR_ECONNABORTED;
-+ }
- }
- if (APR_BRIGADE_EMPTY(ctx->bb)) {
- return block == APR_NONBLOCK_READ ? APR_SUCCESS : APR_EOF;
-@@ -1139,6 +1150,13 @@
- if (ctx->rcvd >= MIN_V2_HDR_LEN) {
- ctx->need = MIN_V2_HDR_LEN +
- remoteip_get_v2_len((proxy_header *) ctx->header);
-+ if (ctx->need > sizeof(proxy_v2)) {
-+ ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, f->c, APLOGNO(10186)
-+ "RemoteIPProxyProtocol protocol header length too long");
-+ f->c->aborted = 1;
-+ apr_brigade_destroy(ctx->bb);
-+ return APR_ECONNABORTED;
-+ }
- }
- if (ctx->rcvd >= ctx->need) {
- psts = remoteip_process_v2_header(f->c, conn_conf,