summaryrefslogtreecommitdiffstats
path: root/debian/patches/CVE-2021-44224-1.patch
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--debian/patches/CVE-2021-44224-1.patch206
1 files changed, 0 insertions, 206 deletions
diff --git a/debian/patches/CVE-2021-44224-1.patch b/debian/patches/CVE-2021-44224-1.patch
deleted file mode 100644
index 0f540c8..0000000
--- a/debian/patches/CVE-2021-44224-1.patch
+++ /dev/null
@@ -1,206 +0,0 @@
-Description: CVE-2021-44224
-Author: Yann Ylavic <ylavic@apache.org>
-Origin: upstream, https://github.com/apache/httpd/commit/a962ba73
-Bug: https://security-tracker.debian.org/tracker/CVE-2021-44224
-Forwarded: not-needed
-Reviewed-By: Yadd <yadd@debian.org>
-Last-Update: 2021-12-21
-
---- a/include/http_protocol.h
-+++ b/include/http_protocol.h
-@@ -75,6 +75,13 @@
- AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r,
- apr_bucket_brigade *bb);
-
-+/**
-+ * Run post_read_request hook and validate.
-+ * @param r The current request
-+ * @return OK or HTTP_...
-+ */
-+AP_DECLARE(int) ap_post_read_request(request_rec *r);
-+
- /* Finish up stuff after a request */
-
- /**
---- a/modules/http/http_request.c
-+++ b/modules/http/http_request.c
-@@ -681,7 +681,7 @@
- * to do their thing on internal redirects as well. Perhaps this is a
- * misnamed function.
- */
-- if ((access_status = ap_run_post_read_request(new))) {
-+ if ((access_status = ap_post_read_request(new))) {
- ap_die(access_status, new);
- return NULL;
- }
---- a/modules/http2/h2_request.c
-+++ b/modules/http2/h2_request.c
-@@ -337,7 +337,7 @@
- NULL, r, r->connection);
-
- if (access_status != HTTP_OK
-- || (access_status = ap_run_post_read_request(r))) {
-+ || (access_status = ap_post_read_request(r))) {
- /* Request check post hooks failed. An example of this would be a
- * request for a vhost where h2 is disabled --> 421.
- */
---- a/modules/proxy/mod_proxy.c
-+++ b/modules/proxy/mod_proxy.c
-@@ -576,13 +576,13 @@
-
- /* Ick... msvc (perhaps others) promotes ternary short results to int */
-
-- if (conf->req && r->parsed_uri.scheme) {
-+ if (conf->req && r->parsed_uri.scheme && r->parsed_uri.hostname) {
- /* but it might be something vhosted */
-- if (!(r->parsed_uri.hostname
-- && !strcasecmp(r->parsed_uri.scheme, ap_http_scheme(r))
-- && ap_matches_request_vhost(r, r->parsed_uri.hostname,
-- (apr_port_t)(r->parsed_uri.port_str ? r->parsed_uri.port
-- : ap_default_port(r))))) {
-+ if (strcasecmp(r->parsed_uri.scheme, ap_http_scheme(r)) != 0
-+ || !ap_matches_request_vhost(r, r->parsed_uri.hostname,
-+ (apr_port_t)(r->parsed_uri.port_str
-+ ? r->parsed_uri.port
-+ : ap_default_port(r)))) {
- r->proxyreq = PROXYREQ_PROXY;
- r->uri = r->unparsed_uri;
- r->filename = apr_pstrcat(r->pool, "proxy:", r->uri, NULL);
-@@ -1722,6 +1722,7 @@
- struct proxy_alias *new;
- char *f = cmd->path;
- char *r = NULL;
-+ const char *real;
- char *word;
- apr_table_t *params = apr_table_make(cmd->pool, 5);
- const apr_array_header_t *arr;
-@@ -1787,6 +1788,10 @@
- if (r == NULL) {
- return "ProxyPass|ProxyPassMatch needs a path when not defined in a location";
- }
-+ if (!(real = ap_proxy_de_socketfy(cmd->temp_pool, r))) {
-+ return "ProxyPass|ProxyPassMatch uses an invalid \"unix:\" URL";
-+ }
-+
-
- /* if per directory, save away the single alias */
- if (cmd->path) {
-@@ -1803,7 +1808,7 @@
- }
-
- new->fake = apr_pstrdup(cmd->pool, f);
-- new->real = apr_pstrdup(cmd->pool, ap_proxy_de_socketfy(cmd->pool, r));
-+ new->real = apr_pstrdup(cmd->pool, real);
- new->flags = flags;
- if (use_regex) {
- new->regex = ap_pregcomp(cmd->pool, f, AP_REG_EXTENDED);
-@@ -2280,6 +2285,7 @@
- proxy_worker *worker;
- char *path = cmd->path;
- char *name = NULL;
-+ const char *real;
- char *word;
- apr_table_t *params = apr_table_make(cmd->pool, 5);
- const apr_array_header_t *arr;
-@@ -2320,6 +2326,9 @@
- return "BalancerMember must define balancer name when outside <Proxy > section";
- if (!name)
- return "BalancerMember must define remote proxy server";
-+ if (!(real = ap_proxy_de_socketfy(cmd->temp_pool, name))) {
-+ return "BalancerMember uses an invalid \"unix:\" URL";
-+ }
-
- ap_str_tolower(path); /* lowercase scheme://hostname */
-
-@@ -2332,7 +2341,7 @@
- }
-
- /* Try to find existing worker */
-- worker = ap_proxy_get_worker(cmd->temp_pool, balancer, conf, ap_proxy_de_socketfy(cmd->temp_pool, name));
-+ worker = ap_proxy_get_worker(cmd->temp_pool, balancer, conf, real);
- if (!worker) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, cmd->server, APLOGNO(01147)
- "Defining worker '%s' for balancer '%s'",
-@@ -2421,7 +2430,14 @@
- }
- }
- else {
-- worker = ap_proxy_get_worker(cmd->temp_pool, NULL, conf, ap_proxy_de_socketfy(cmd->temp_pool, name));
-+ const char *real;
-+
-+ if (!(real = ap_proxy_de_socketfy(cmd->temp_pool, name))) {
-+ return "ProxySet uses an invalid \"unix:\" URL";
-+ }
-+
-+ worker = ap_proxy_get_worker(cmd->temp_pool, NULL, conf,
-+ real);
- if (!worker) {
- if (in_proxy_section) {
- err = ap_proxy_define_worker(cmd->pool, &worker, NULL,
-@@ -2563,8 +2579,14 @@
- }
- }
- else {
-+ const char *real;
-+
-+ if (!(real = ap_proxy_de_socketfy(cmd->temp_pool, conf->p))) {
-+ return "<Proxy/ProxyMatch > uses an invalid \"unix:\" URL";
-+ }
-+
- worker = ap_proxy_get_worker(cmd->temp_pool, NULL, sconf,
-- ap_proxy_de_socketfy(cmd->temp_pool, (char*)conf->p));
-+ real);
- if (!worker) {
- err = ap_proxy_define_worker(cmd->pool, &worker, NULL,
- sconf, conf->p, 0);
---- a/modules/proxy/proxy_util.c
-+++ b/modules/proxy/proxy_util.c
-@@ -1662,6 +1662,9 @@
- }
-
- url = ap_proxy_de_socketfy(p, url);
-+ if (!url) {
-+ return NULL;
-+ }
-
- c = ap_strchr_c(url, ':');
- if (c == NULL || c[1] != '/' || c[2] != '/' || c[3] == '\0') {
---- a/server/protocol.c
-+++ b/server/protocol.c
-@@ -1465,7 +1465,7 @@
- NULL, r, r->connection);
-
- if (access_status != HTTP_OK
-- || (access_status = ap_run_post_read_request(r))) {
-+ || (access_status = ap_post_read_request(r))) {
- ap_die(access_status, r);
- ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r);
- ap_run_log_transaction(r);
-@@ -1503,6 +1503,27 @@
- return r;
- }
-
-+AP_DECLARE(int) ap_post_read_request(request_rec *r)
-+{
-+ int status;
-+
-+ if ((status = ap_run_post_read_request(r))) {
-+ return status;
-+ }
-+
-+ /* Enforce http(s) only scheme for non-forward-proxy requests */
-+ if (!r->proxyreq
-+ && r->parsed_uri.scheme
-+ && (ap_cstr_casecmpn(r->parsed_uri.scheme, "http", 4) != 0
-+ || (r->parsed_uri.scheme[4] != '\0'
-+ && (apr_tolower(r->parsed_uri.scheme[4]) != 's'
-+ || r->parsed_uri.scheme[5] != '\0')))) {
-+ return HTTP_BAD_REQUEST;
-+ }
-+
-+ return OK;
-+}
-+
- /* if a request with a body creates a subrequest, remove original request's
- * input headers which pertain to the body which has already been read.
- * out-of-line helper function for ap_set_sub_req_protocol.