summaryrefslogtreecommitdiffstats
path: root/debian/patches/CVE-2020-1927.patch
diff options
context:
space:
mode:
Diffstat (limited to 'debian/patches/CVE-2020-1927.patch')
-rw-r--r--debian/patches/CVE-2020-1927.patch92
1 files changed, 92 insertions, 0 deletions
diff --git a/debian/patches/CVE-2020-1927.patch b/debian/patches/CVE-2020-1927.patch
new file mode 100644
index 0000000..cbdd84f
--- /dev/null
+++ b/debian/patches/CVE-2020-1927.patch
@@ -0,0 +1,92 @@
+Description: fix for CVE-2020-1927
+Author: covener
+Origin: upstream, https://svn.apache.org/r1873905
+ https://svn.apache.org/r1874191
+Bug: https://security-tracker.debian.org/tracker/CVE-2020-1927
+Forwarded: not-needed
+Reviewed-By: Xavier Guimard <yadd@debian.org>
+Last-Update: 2020-08-25
+
+--- a/include/ap_regex.h
++++ b/include/ap_regex.h
+@@ -84,7 +84,11 @@
+
+ #define AP_REG_DOLLAR_ENDONLY 0x200 /* '$' matches at end of subject string only */
+
+-#define AP_REG_MATCH "MATCH_" /** suggested prefix for ap_regname */
++#define AP_REG_NO_DEFAULT 0x400 /**< Don't implicitely add AP_REG_DEFAULT options */
++
++#define AP_REG_MATCH "MATCH_" /**< suggested prefix for ap_regname */
++
++#define AP_REG_DEFAULT (AP_REG_DOTALL|AP_REG_DOLLAR_ENDONLY)
+
+ /* Error values: */
+ enum {
+--- a/modules/filters/mod_substitute.c
++++ b/modules/filters/mod_substitute.c
+@@ -667,8 +667,10 @@
+
+ /* first see if we can compile the regex */
+ if (!is_pattern) {
+- r = ap_pregcomp(cmd->pool, from, AP_REG_EXTENDED |
+- (ignore_case ? AP_REG_ICASE : 0));
++ int flags = AP_REG_NO_DEFAULT
++ | (ap_regcomp_get_default_cflags() & AP_REG_DOLLAR_ENDONLY)
++ | (ignore_case ? AP_REG_ICASE : 0);
++ r = ap_pregcomp(cmd->pool, from, flags);
+ if (!r)
+ return "Substitute could not compile regex";
+ }
+--- a/server/core.c
++++ b/server/core.c
+@@ -4937,7 +4937,7 @@
+ apr_pool_cleanup_register(pconf, NULL, reset_config_defines,
+ apr_pool_cleanup_null);
+
+- ap_regcomp_set_default_cflags(AP_REG_DOLLAR_ENDONLY);
++ ap_regcomp_set_default_cflags(AP_REG_DEFAULT);
+
+ mpm_common_pre_config(pconf);
+
+--- a/server/util_pcre.c
++++ b/server/util_pcre.c
+@@ -120,8 +120,7 @@
+ * Compile a regular expression *
+ *************************************************/
+
+-static int default_cflags = AP_REG_DOTALL |
+- AP_REG_DOLLAR_ENDONLY;
++static int default_cflags = AP_REG_DEFAULT;
+
+ AP_DECLARE(int) ap_regcomp_get_default_cflags(void)
+ {
+@@ -169,7 +168,9 @@
+ int errcode = 0;
+ int options = PCRE_DUPNAMES;
+
+- cflags |= default_cflags;
++ if ((cflags & AP_REG_NO_DEFAULT) == 0)
++ cflags |= default_cflags;
++
+ if ((cflags & AP_REG_ICASE) != 0)
+ options |= PCRE_CASELESS;
+ if ((cflags & AP_REG_NEWLINE) != 0)
+--- a/server/util_regex.c
++++ b/server/util_regex.c
+@@ -94,6 +94,7 @@
+ }
+
+ /* anything after the current delimiter is flags */
++ ret->flags = ap_regcomp_get_default_cflags() & AP_REG_DOLLAR_ENDONLY;
+ while (*++endp) {
+ switch (*endp) {
+ case 'i': ret->flags |= AP_REG_ICASE; break;
+@@ -106,7 +107,7 @@
+ default: break; /* we should probably be stricter here */
+ }
+ }
+- if (ap_regcomp(&ret->rx, rxstr, ret->flags) == 0) {
++ if (ap_regcomp(&ret->rx, rxstr, AP_REG_NO_DEFAULT | ret->flags) == 0) {
+ apr_pool_cleanup_register(pool, &ret->rx, rxplus_cleanup,
+ apr_pool_cleanup_null);
+ }