summaryrefslogtreecommitdiffstats
path: root/debian/patches/CVE-2021-44224-2.patch
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-07 02:04:07 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-07 02:04:07 +0000
commit1221c736f9a90756d47ea6d28320b6b83602dd2a (patch)
treeb453ba7b1393205258c9b098a773b4330984672f /debian/patches/CVE-2021-44224-2.patch
parentAdding upstream version 2.4.38. (diff)
downloadapache2-1221c736f9a90756d47ea6d28320b6b83602dd2a.tar.xz
apache2-1221c736f9a90756d47ea6d28320b6b83602dd2a.zip
Adding debian version 2.4.38-3+deb10u8.debian/2.4.38-3+deb10u8debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--debian/patches/CVE-2021-44224-2.patch93
1 files changed, 93 insertions, 0 deletions
diff --git a/debian/patches/CVE-2021-44224-2.patch b/debian/patches/CVE-2021-44224-2.patch
new file mode 100644
index 0000000..6b841dd
--- /dev/null
+++ b/debian/patches/CVE-2021-44224-2.patch
@@ -0,0 +1,93 @@
+Description: mod_proxy: Don't prevent forwarding URIs w/ no hostname.
+ (fix for r1895955 already in 2.4.x)
+ .
+ Part not applied:
+ #--- a/modules/proxy/mod_proxy.h
+ #+++ b/modules/proxy/mod_proxy.h
+ #@@ -323,6 +323,8 @@
+ # #define PROXY_WORKER_HC_FAIL_FLAG 'C'
+ # #define PROXY_WORKER_HOT_SPARE_FLAG 'R'
+ #
+ #+#define AP_PROXY_WORKER_NO_UDS (1u << 3)
+ #+
+ # #define PROXY_WORKER_NOT_USABLE_BITMAP ( PROXY_WORKER_IN_SHUTDOWN | \
+ # PROXY_WORKER_DISABLED | PROXY_WORKER_STOPPED | PROXY_WORKER_IN_ERROR | \
+ # PROXY_WORKER_HC_FAIL )
+ #--- a/modules/proxy/proxy_util.c
+ #+++ b/modules/proxy/proxy_util.c
+ #@@ -1661,9 +1661,11 @@
+ # return NULL;
+ # }
+ #
+ #- url = ap_proxy_de_socketfy(p, url);
+ #- if (!url) {
+ #- return NULL;
+ #+ if (!(mask & AP_PROXY_WORKER_NO_UDS)) {
+ #+ url = ap_proxy_de_socketfy(p, url);
+ #+ if (!url) {
+ #+ return NULL;
+ #+ }
+ # }
+ #
+ # c = ap_strchr_c(url, ':');
+Author: Stefan Eissing <icing@apache.org>
+Origin: upstream, https://github.com/apache/httpd/commit/a0521d289
+Bug: https://security-tracker.debian.org/tracker/CVE-2021-44224
+Forwarded: not-needed
+Reviewed-By: Yadd <yadd@debian.org>
+Last-Update: 2021-12-21
+
+--- a/modules/proxy/mod_proxy.c
++++ b/modules/proxy/mod_proxy.c
+@@ -576,9 +576,10 @@
+
+ /* Ick... msvc (perhaps others) promotes ternary short results to int */
+
+- if (conf->req && r->parsed_uri.scheme && r->parsed_uri.hostname) {
++ if (conf->req && r->parsed_uri.scheme) {
+ /* but it might be something vhosted */
+- if (strcasecmp(r->parsed_uri.scheme, ap_http_scheme(r)) != 0
++ if (!r->parsed_uri.hostname
++ || strcasecmp(r->parsed_uri.scheme, ap_http_scheme(r)) != 0
+ || !ap_matches_request_vhost(r, r->parsed_uri.hostname,
+ (apr_port_t)(r->parsed_uri.port_str
+ ? r->parsed_uri.port
+--- a/modules/proxy/proxy_util.c
++++ b/modules/proxy/proxy_util.c
+@@ -2128,22 +2128,21 @@
+
+ access_status = proxy_run_pre_request(worker, balancer, r, conf, url);
+ if (access_status == DECLINED && *balancer == NULL) {
++ const int forward = (r->proxyreq == PROXYREQ_PROXY);
+ *worker = ap_proxy_get_worker(r->pool, NULL, conf, *url);
+ if (*worker) {
+ ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
+ "%s: found worker %s for %s",
+ (*worker)->s->scheme, (*worker)->s->name, *url);
+- *balancer = NULL;
+- if (!fix_uds_filename(r, url)) {
++ if (!forward && !fix_uds_filename(r, url)) {
+ return HTTP_INTERNAL_SERVER_ERROR;
+ }
+ access_status = OK;
+ }
+- else if (r->proxyreq == PROXYREQ_PROXY) {
++ else if (forward) {
+ if (conf->forward) {
+ ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
+ "*: found forward proxy worker for %s", *url);
+- *balancer = NULL;
+ *worker = conf->forward;
+ access_status = OK;
+ /*
+@@ -2157,8 +2156,8 @@
+ else if (r->proxyreq == PROXYREQ_REVERSE) {
+ if (conf->reverse) {
+ ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
+- "*: using default reverse proxy worker for %s (no keepalive)", *url);
+- *balancer = NULL;
++ "*: using default reverse proxy worker for %s "
++ "(no keepalive)", *url);
+ *worker = conf->reverse;
+ access_status = OK;
+ /*