summaryrefslogtreecommitdiffstats
path: root/debian/patches/CVE-2021-36160.patch
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-07 02:04:07 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-07 02:04:07 +0000
commit1221c736f9a90756d47ea6d28320b6b83602dd2a (patch)
treeb453ba7b1393205258c9b098a773b4330984672f /debian/patches/CVE-2021-36160.patch
parentAdding upstream version 2.4.38. (diff)
downloadapache2-1221c736f9a90756d47ea6d28320b6b83602dd2a.tar.xz
apache2-1221c736f9a90756d47ea6d28320b6b83602dd2a.zip
Adding debian version 2.4.38-3+deb10u8.debian/2.4.38-3+deb10u8debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches/CVE-2021-36160.patch')
-rw-r--r--debian/patches/CVE-2021-36160.patch51
1 files changed, 51 insertions, 0 deletions
diff --git a/debian/patches/CVE-2021-36160.patch b/debian/patches/CVE-2021-36160.patch
new file mode 100644
index 0000000..fcd8087
--- /dev/null
+++ b/debian/patches/CVE-2021-36160.patch
@@ -0,0 +1,51 @@
+Description: mod_proxy_uwsgi: Fix PATH_INFO setting for generic worker
+Author: Yann Ylavic <ylavic@apache.org>
+Origin: upstream, https://github.com/apache/httpd/commit/b364cad7
+Bug: https://security-tracker.debian.org/tracker/CVE-2021-36160
+Forwarded: not-needed
+Reviewed-By: Yadd <yadd@debian.org>
+Last-Update: 2021-09-21
+
+--- a/modules/proxy/mod_proxy_uwsgi.c
++++ b/modules/proxy/mod_proxy_uwsgi.c
+@@ -452,11 +452,8 @@
+ const char *proxyname, apr_port_t proxyport)
+ {
+ int status;
+- int delta = 0;
+- int decode_status;
+ proxy_conn_rec *backend = NULL;
+ apr_pool_t *p = r->pool;
+- size_t w_len;
+ char server_portstr[32];
+ char *u_path_info;
+ apr_uri_t *uri;
+@@ -468,23 +465,14 @@
+
+ uri = apr_palloc(r->pool, sizeof(*uri));
+
+- /* ADD PATH_INFO */
+-#if AP_MODULE_MAGIC_AT_LEAST(20111130,0)
+- w_len = strlen(worker->s->name);
+-#else
+- w_len = strlen(worker->name);
+-#endif
+- u_path_info = r->filename + 6 + w_len;
+- if (u_path_info[0] != '/') {
+- delta = 1;
+- }
+- decode_status = ap_unescape_url(url + w_len - delta);
+- if (decode_status) {
++ /* ADD PATH_INFO (unescaped) */
++ u_path_info = ap_strchr(url + sizeof(UWSGI_SCHEME) + 2, '/');
++ if (!u_path_info || ap_unescape_url(u_path_info) != OK) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10100)
+- "unable to decode uri: %s", url + w_len - delta);
++ "unable to decode uwsgi uri: %s", url);
+ return HTTP_INTERNAL_SERVER_ERROR;
+ }
+- apr_table_add(r->subprocess_env, "PATH_INFO", url + w_len - delta);
++ apr_table_add(r->subprocess_env, "PATH_INFO", u_path_info);
+
+
+ /* Create space for state information */