summaryrefslogtreecommitdiffstats
path: root/debian/patches/CVE-2019-10092.patch
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--debian/patches/CVE-2019-10092.patch193
1 files changed, 193 insertions, 0 deletions
diff --git a/debian/patches/CVE-2019-10092.patch b/debian/patches/CVE-2019-10092.patch
new file mode 100644
index 0000000..eb3352c
--- /dev/null
+++ b/debian/patches/CVE-2019-10092.patch
@@ -0,0 +1,193 @@
+Description: Fix for CVE-2019-10092
+Author: Stefan Eissing
+Origin: upstream, https://svn.apache.org/viewvc?view=revision&revision=1864191
+Bug: https://security-tracker.debian.org/tracker/CVE-2019-10092
+Forwarded: not-needed
+Reviewed-By: Xavier Guimard <yadd@debian.org>
+Last-Update: 2019-10-11
+[Salvatore Bonaccorso: Add additional change from https://svn.apache.org/r1864699
+to add missing APLOGNO's in mod_proxy.c and mod_proxy_ftp.c]
+--- a/modules/http/http_protocol.c
++++ b/modules/http/http_protocol.c
+@@ -1132,13 +1132,10 @@
+ "\">here</a>.</p>\n",
+ NULL));
+ case HTTP_USE_PROXY:
+- return(apr_pstrcat(p,
+- "<p>This resource is only accessible "
+- "through the proxy\n",
+- ap_escape_html(r->pool, location),
+- "<br />\nYou will need to configure "
+- "your client to use that proxy.</p>\n",
+- NULL));
++ return("<p>This resource is only accessible "
++ "through the proxy\n"
++ "<br />\nYou will need to configure "
++ "your client to use that proxy.</p>\n");
+ case HTTP_PROXY_AUTHENTICATION_REQUIRED:
+ case HTTP_UNAUTHORIZED:
+ return("<p>This server could not verify that you\n"
+@@ -1154,34 +1151,20 @@
+ "error-notes",
+ "</p>\n"));
+ case HTTP_FORBIDDEN:
+- s1 = apr_pstrcat(p,
+- "<p>You don't have permission to access ",
+- ap_escape_html(r->pool, r->uri),
+- "\non this server.<br />\n",
+- NULL);
+- return(add_optional_notes(r, s1, "error-notes", "</p>\n"));
++ return(add_optional_notes(r, "<p>You don't have permission to access this resource.", "error-notes", "</p>\n"));
+ case HTTP_NOT_FOUND:
+- return(apr_pstrcat(p,
+- "<p>The requested URL ",
+- ap_escape_html(r->pool, r->uri),
+- " was not found on this server.</p>\n",
+- NULL));
++ return("<p>The requested URL was not found on this server.</p>\n");
+ case HTTP_METHOD_NOT_ALLOWED:
+ return(apr_pstrcat(p,
+ "<p>The requested method ",
+ ap_escape_html(r->pool, r->method),
+- " is not allowed for the URL ",
+- ap_escape_html(r->pool, r->uri),
+- ".</p>\n",
++ " is not allowed for this URL.</p>\n",
+ NULL));
+ case HTTP_NOT_ACCEPTABLE:
+- s1 = apr_pstrcat(p,
+- "<p>An appropriate representation of the "
+- "requested resource ",
+- ap_escape_html(r->pool, r->uri),
+- " could not be found on this server.</p>\n",
+- NULL);
+- return(add_optional_notes(r, s1, "variant-list", ""));
++ return(add_optional_notes(r,
++ "<p>An appropriate representation of the requested resource "
++ "could not be found on this server.</p>\n",
++ "variant-list", ""));
+ case HTTP_MULTIPLE_CHOICES:
+ return(add_optional_notes(r, "", "variant-list", ""));
+ case HTTP_LENGTH_REQUIRED:
+@@ -1192,18 +1175,13 @@
+ NULL);
+ return(add_optional_notes(r, s1, "error-notes", "</p>\n"));
+ case HTTP_PRECONDITION_FAILED:
+- return(apr_pstrcat(p,
+- "<p>The precondition on the request "
+- "for the URL ",
+- ap_escape_html(r->pool, r->uri),
+- " evaluated to false.</p>\n",
+- NULL));
++ return("<p>The precondition on the request "
++ "for this URL evaluated to false.</p>\n");
+ case HTTP_NOT_IMPLEMENTED:
+ s1 = apr_pstrcat(p,
+ "<p>",
+- ap_escape_html(r->pool, r->method), " to ",
+- ap_escape_html(r->pool, r->uri),
+- " not supported.<br />\n",
++ ap_escape_html(r->pool, r->method), " ",
++ " not supported for current URL.<br />\n",
+ NULL);
+ return(add_optional_notes(r, s1, "error-notes", "</p>\n"));
+ case HTTP_BAD_GATEWAY:
+@@ -1211,29 +1189,19 @@
+ "response from an upstream server.<br />" CRLF;
+ return(add_optional_notes(r, s1, "error-notes", "</p>\n"));
+ case HTTP_VARIANT_ALSO_VARIES:
+- return(apr_pstrcat(p,
+- "<p>A variant for the requested "
+- "resource\n<pre>\n",
+- ap_escape_html(r->pool, r->uri),
+- "\n</pre>\nis itself a negotiable resource. "
+- "This indicates a configuration error.</p>\n",
+- NULL));
++ return("<p>A variant for the requested "
++ "resource\n<pre>\n"
++ "\n</pre>\nis itself a negotiable resource. "
++ "This indicates a configuration error.</p>\n");
+ case HTTP_REQUEST_TIME_OUT:
+ return("<p>Server timeout waiting for the HTTP request from the client.</p>\n");
+ case HTTP_GONE:
+- return(apr_pstrcat(p,
+- "<p>The requested resource<br />",
+- ap_escape_html(r->pool, r->uri),
+- "<br />\nis no longer available on this server "
+- "and there is no forwarding address.\n"
+- "Please remove all references to this "
+- "resource.</p>\n",
+- NULL));
++ return("<p>The requested resource is no longer available on this server"
++ " and there is no forwarding address.\n"
++ "Please remove all references to this resource.</p>\n");
+ case HTTP_REQUEST_ENTITY_TOO_LARGE:
+ return(apr_pstrcat(p,
+- "The requested resource<br />",
+- ap_escape_html(r->pool, r->uri), "<br />\n",
+- "does not allow request data with ",
++ "The requested resource does not allow request data with ",
+ ap_escape_html(r->pool, r->method),
+ " requests, or the amount of data provided in\n"
+ "the request exceeds the capacity limit.\n",
+@@ -1317,11 +1285,9 @@
+ "the Server Name Indication (SNI) in use for this\n"
+ "connection.</p>\n");
+ case HTTP_UNAVAILABLE_FOR_LEGAL_REASONS:
+- s1 = apr_pstrcat(p,
+- "<p>Access to ", ap_escape_html(r->pool, r->uri),
+- "\nhas been denied for legal reasons.<br />\n",
+- NULL);
+- return(add_optional_notes(r, s1, "error-notes", "</p>\n"));
++ return(add_optional_notes(r,
++ "<p>Access to this URL has been denied for legal reasons.<br />\n",
++ "error-notes", "</p>\n"));
+ default: /* HTTP_INTERNAL_SERVER_ERROR */
+ /*
+ * This comparison to expose error-notes could be modified to
+--- a/modules/proxy/mod_proxy.c
++++ b/modules/proxy/mod_proxy.c
+@@ -1049,9 +1049,10 @@
+ char *end;
+ maxfwd = apr_strtoi64(str, &end, 10);
+ if (maxfwd < 0 || maxfwd == APR_INT64_MAX || *end) {
+- return ap_proxyerror(r, HTTP_BAD_REQUEST,
+- apr_psprintf(r->pool,
+- "Max-Forwards value '%s' could not be parsed", str));
++ ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(10188)
++ "Max-Forwards value '%s' could not be parsed", str);
++ return ap_proxyerror(r, HTTP_BAD_REQUEST,
++ "Max-Forwards request header could not be parsed");
+ }
+ else if (maxfwd == 0) {
+ switch (r->method_number) {
+--- a/modules/proxy/mod_proxy_ftp.c
++++ b/modules/proxy/mod_proxy_ftp.c
+@@ -1024,8 +1024,9 @@
+ /* We break the URL into host, port, path-search */
+ if (r->parsed_uri.hostname == NULL) {
+ if (APR_SUCCESS != apr_uri_parse(p, url, &uri)) {
+- return ap_proxyerror(r, HTTP_BAD_REQUEST,
+- apr_psprintf(p, "URI cannot be parsed: %s", url));
++ ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(10189)
++ "URI cannot be parsed: %s", url);
++ return ap_proxyerror(r, HTTP_BAD_REQUEST, "URI cannot be parsed");
+ }
+ connectname = uri.hostname;
+ connectport = uri.port;
+--- a/modules/proxy/proxy_util.c
++++ b/modules/proxy/proxy_util.c
+@@ -368,12 +368,9 @@
+
+ PROXY_DECLARE(int) ap_proxyerror(request_rec *r, int statuscode, const char *message)
+ {
+- const char *uri = ap_escape_html(r->pool, r->uri);
+ apr_table_setn(r->notes, "error-notes",
+ apr_pstrcat(r->pool,
+- "The proxy server could not handle the request <em><a href=\"",
+- uri, "\">", ap_escape_html(r->pool, r->method), "&nbsp;", uri,
+- "</a></em>.<p>\n"
++ "The proxy server could not handle the request<p>"
+ "Reason: <strong>", ap_escape_html(r->pool, message),
+ "</strong></p>",
+ NULL));