diff options
Diffstat (limited to 'debian/patches/CVE-2020-35452.patch')
| -rw-r--r-- | debian/patches/CVE-2020-35452.patch | 27 |
1 files changed, 0 insertions, 27 deletions
diff --git a/debian/patches/CVE-2020-35452.patch b/debian/patches/CVE-2020-35452.patch deleted file mode 100644 index 5204210..0000000 --- a/debian/patches/CVE-2020-35452.patch +++ /dev/null @@ -1,27 +0,0 @@ -Description: <short summary of the patch> -Author: Apache authors -Origin: upstream, https://github.com/apache/httpd/commit/3b6431e -Bug: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-35452 -Forwarded: not-needed -Reviewed-By: Yadd <yadd@debian.org> -Last-Update: 2021-06-10 - ---- a/modules/aaa/mod_auth_digest.c -+++ b/modules/aaa/mod_auth_digest.c -@@ -1422,9 +1422,14 @@ - time_rec nonce_time; - char tmp, hash[NONCE_HASH_LEN+1]; - -- if (strlen(resp->nonce) != NONCE_LEN) { -+ /* Since the time part of the nonce is a base64 encoding of an -+ * apr_time_t (8 bytes), it should end with a '=', fail early otherwise. -+ */ -+ if (strlen(resp->nonce) != NONCE_LEN -+ || resp->nonce[NONCE_TIME_LEN - 1] != '=') { - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01775) -- "invalid nonce %s received - length is not %d", -+ "invalid nonce '%s' received - length is not %d " -+ "or time encoding is incorrect", - resp->nonce, NONCE_LEN); - note_digest_auth_failure(r, conf, resp, 1); - return HTTP_UNAUTHORIZED; |