summaryrefslogtreecommitdiffstats
path: root/debian/patches/CVE-2020-35452.patch
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-07 02:04:07 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-07 02:04:07 +0000
commit1221c736f9a90756d47ea6d28320b6b83602dd2a (patch)
treeb453ba7b1393205258c9b098a773b4330984672f /debian/patches/CVE-2020-35452.patch
parentAdding upstream version 2.4.38. (diff)
downloadapache2-1221c736f9a90756d47ea6d28320b6b83602dd2a.tar.xz
apache2-1221c736f9a90756d47ea6d28320b6b83602dd2a.zip
Adding debian version 2.4.38-3+deb10u8.debian/2.4.38-3+deb10u8debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--debian/patches/CVE-2020-35452.patch27
1 files changed, 27 insertions, 0 deletions
diff --git a/debian/patches/CVE-2020-35452.patch b/debian/patches/CVE-2020-35452.patch
new file mode 100644
index 0000000..5204210
--- /dev/null
+++ b/debian/patches/CVE-2020-35452.patch
@@ -0,0 +1,27 @@
+Description: <short summary of the patch>
+Author: Apache authors
+Origin: upstream, https://github.com/apache/httpd/commit/3b6431e
+Bug: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-35452
+Forwarded: not-needed
+Reviewed-By: Yadd <yadd@debian.org>
+Last-Update: 2021-06-10
+
+--- a/modules/aaa/mod_auth_digest.c
++++ b/modules/aaa/mod_auth_digest.c
+@@ -1422,9 +1422,14 @@
+ time_rec nonce_time;
+ char tmp, hash[NONCE_HASH_LEN+1];
+
+- if (strlen(resp->nonce) != NONCE_LEN) {
++ /* Since the time part of the nonce is a base64 encoding of an
++ * apr_time_t (8 bytes), it should end with a '=', fail early otherwise.
++ */
++ if (strlen(resp->nonce) != NONCE_LEN
++ || resp->nonce[NONCE_TIME_LEN - 1] != '=') {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01775)
+- "invalid nonce %s received - length is not %d",
++ "invalid nonce '%s' received - length is not %d "
++ "or time encoding is incorrect",
+ resp->nonce, NONCE_LEN);
+ note_digest_auth_failure(r, conf, resp, 1);
+ return HTTP_UNAUTHORIZED;