diff options
Diffstat (limited to '')
-rw-r--r-- | debian/patches/CVE-2019-10097.patch | 72 |
1 files changed, 0 insertions, 72 deletions
diff --git a/debian/patches/CVE-2019-10097.patch b/debian/patches/CVE-2019-10097.patch deleted file mode 100644 index 0be05f5..0000000 --- a/debian/patches/CVE-2019-10097.patch +++ /dev/null @@ -1,72 +0,0 @@ -Description: Fix for CVE-2019-10097 -Author: jorton -Origin: upstream, https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1864613 -Bug: https://security-tracker.debian.org/tracker/CVE-2019-10097 -Forwarded: not-needed -Reviewed-By: Xavier Guimard <yadd@debian.org> -Last-Update: 2019-08-17 - ---- a/modules/metadata/mod_remoteip.c -+++ b/modules/metadata/mod_remoteip.c -@@ -987,15 +987,13 @@ - return HDR_ERROR; - #endif - default: -- /* unsupported protocol, keep local connection address */ -- return HDR_DONE; -+ /* unsupported protocol */ -+ ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(10183) -+ "RemoteIPProxyProtocol: unsupported protocol %.2hx", -+ (unsigned short)hdr->v2.fam); -+ return HDR_ERROR; - } - break; /* we got a sockaddr now */ -- -- case 0x00: /* LOCAL command */ -- /* keep local connection address for LOCAL */ -- return HDR_DONE; -- - default: - /* not a supported command */ - ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(03507) -@@ -1087,11 +1085,24 @@ - /* try to read a header's worth of data */ - while (!ctx->done) { - if (APR_BRIGADE_EMPTY(ctx->bb)) { -- ret = ap_get_brigade(f->next, ctx->bb, ctx->mode, block, -- ctx->need - ctx->rcvd); -+ apr_off_t got, want = ctx->need - ctx->rcvd; -+ -+ ret = ap_get_brigade(f->next, ctx->bb, ctx->mode, block, want); - if (ret != APR_SUCCESS) { -+ ap_log_cerror(APLOG_MARK, APLOG_ERR, ret, f->c, APLOGNO(10184) -+ "failed reading input"); - return ret; - } -+ -+ ret = apr_brigade_length(ctx->bb, 1, &got); -+ if (ret || got > want) { -+ ap_log_cerror(APLOG_MARK, APLOG_ERR, ret, f->c, APLOGNO(10185) -+ "RemoteIPProxyProtocol header too long, " -+ "got %" APR_OFF_T_FMT " expected %" APR_OFF_T_FMT, -+ got, want); -+ f->c->aborted = 1; -+ return APR_ECONNABORTED; -+ } - } - if (APR_BRIGADE_EMPTY(ctx->bb)) { - return block == APR_NONBLOCK_READ ? APR_SUCCESS : APR_EOF; -@@ -1139,6 +1150,13 @@ - if (ctx->rcvd >= MIN_V2_HDR_LEN) { - ctx->need = MIN_V2_HDR_LEN + - remoteip_get_v2_len((proxy_header *) ctx->header); -+ if (ctx->need > sizeof(proxy_v2)) { -+ ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, f->c, APLOGNO(10186) -+ "RemoteIPProxyProtocol protocol header length too long"); -+ f->c->aborted = 1; -+ apr_brigade_destroy(ctx->bb); -+ return APR_ECONNABORTED; -+ } - } - if (ctx->rcvd >= ctx->need) { - psts = remoteip_process_v2_header(f->c, conn_conf, |