diff options
Diffstat (limited to '')
-rw-r--r-- | debian/patches/CVE-2019-10092.patch | 193 |
1 files changed, 193 insertions, 0 deletions
diff --git a/debian/patches/CVE-2019-10092.patch b/debian/patches/CVE-2019-10092.patch new file mode 100644 index 0000000..eb3352c --- /dev/null +++ b/debian/patches/CVE-2019-10092.patch @@ -0,0 +1,193 @@ +Description: Fix for CVE-2019-10092 +Author: Stefan Eissing +Origin: upstream, https://svn.apache.org/viewvc?view=revision&revision=1864191 +Bug: https://security-tracker.debian.org/tracker/CVE-2019-10092 +Forwarded: not-needed +Reviewed-By: Xavier Guimard <yadd@debian.org> +Last-Update: 2019-10-11 +[Salvatore Bonaccorso: Add additional change from https://svn.apache.org/r1864699 +to add missing APLOGNO's in mod_proxy.c and mod_proxy_ftp.c] +--- a/modules/http/http_protocol.c ++++ b/modules/http/http_protocol.c +@@ -1132,13 +1132,10 @@ + "\">here</a>.</p>\n", + NULL)); + case HTTP_USE_PROXY: +- return(apr_pstrcat(p, +- "<p>This resource is only accessible " +- "through the proxy\n", +- ap_escape_html(r->pool, location), +- "<br />\nYou will need to configure " +- "your client to use that proxy.</p>\n", +- NULL)); ++ return("<p>This resource is only accessible " ++ "through the proxy\n" ++ "<br />\nYou will need to configure " ++ "your client to use that proxy.</p>\n"); + case HTTP_PROXY_AUTHENTICATION_REQUIRED: + case HTTP_UNAUTHORIZED: + return("<p>This server could not verify that you\n" +@@ -1154,34 +1151,20 @@ + "error-notes", + "</p>\n")); + case HTTP_FORBIDDEN: +- s1 = apr_pstrcat(p, +- "<p>You don't have permission to access ", +- ap_escape_html(r->pool, r->uri), +- "\non this server.<br />\n", +- NULL); +- return(add_optional_notes(r, s1, "error-notes", "</p>\n")); ++ return(add_optional_notes(r, "<p>You don't have permission to access this resource.", "error-notes", "</p>\n")); + case HTTP_NOT_FOUND: +- return(apr_pstrcat(p, +- "<p>The requested URL ", +- ap_escape_html(r->pool, r->uri), +- " was not found on this server.</p>\n", +- NULL)); ++ return("<p>The requested URL was not found on this server.</p>\n"); + case HTTP_METHOD_NOT_ALLOWED: + return(apr_pstrcat(p, + "<p>The requested method ", + ap_escape_html(r->pool, r->method), +- " is not allowed for the URL ", +- ap_escape_html(r->pool, r->uri), +- ".</p>\n", ++ " is not allowed for this URL.</p>\n", + NULL)); + case HTTP_NOT_ACCEPTABLE: +- s1 = apr_pstrcat(p, +- "<p>An appropriate representation of the " +- "requested resource ", +- ap_escape_html(r->pool, r->uri), +- " could not be found on this server.</p>\n", +- NULL); +- return(add_optional_notes(r, s1, "variant-list", "")); ++ return(add_optional_notes(r, ++ "<p>An appropriate representation of the requested resource " ++ "could not be found on this server.</p>\n", ++ "variant-list", "")); + case HTTP_MULTIPLE_CHOICES: + return(add_optional_notes(r, "", "variant-list", "")); + case HTTP_LENGTH_REQUIRED: +@@ -1192,18 +1175,13 @@ + NULL); + return(add_optional_notes(r, s1, "error-notes", "</p>\n")); + case HTTP_PRECONDITION_FAILED: +- return(apr_pstrcat(p, +- "<p>The precondition on the request " +- "for the URL ", +- ap_escape_html(r->pool, r->uri), +- " evaluated to false.</p>\n", +- NULL)); ++ return("<p>The precondition on the request " ++ "for this URL evaluated to false.</p>\n"); + case HTTP_NOT_IMPLEMENTED: + s1 = apr_pstrcat(p, + "<p>", +- ap_escape_html(r->pool, r->method), " to ", +- ap_escape_html(r->pool, r->uri), +- " not supported.<br />\n", ++ ap_escape_html(r->pool, r->method), " ", ++ " not supported for current URL.<br />\n", + NULL); + return(add_optional_notes(r, s1, "error-notes", "</p>\n")); + case HTTP_BAD_GATEWAY: +@@ -1211,29 +1189,19 @@ + "response from an upstream server.<br />" CRLF; + return(add_optional_notes(r, s1, "error-notes", "</p>\n")); + case HTTP_VARIANT_ALSO_VARIES: +- return(apr_pstrcat(p, +- "<p>A variant for the requested " +- "resource\n<pre>\n", +- ap_escape_html(r->pool, r->uri), +- "\n</pre>\nis itself a negotiable resource. " +- "This indicates a configuration error.</p>\n", +- NULL)); ++ return("<p>A variant for the requested " ++ "resource\n<pre>\n" ++ "\n</pre>\nis itself a negotiable resource. " ++ "This indicates a configuration error.</p>\n"); + case HTTP_REQUEST_TIME_OUT: + return("<p>Server timeout waiting for the HTTP request from the client.</p>\n"); + case HTTP_GONE: +- return(apr_pstrcat(p, +- "<p>The requested resource<br />", +- ap_escape_html(r->pool, r->uri), +- "<br />\nis no longer available on this server " +- "and there is no forwarding address.\n" +- "Please remove all references to this " +- "resource.</p>\n", +- NULL)); ++ return("<p>The requested resource is no longer available on this server" ++ " and there is no forwarding address.\n" ++ "Please remove all references to this resource.</p>\n"); + case HTTP_REQUEST_ENTITY_TOO_LARGE: + return(apr_pstrcat(p, +- "The requested resource<br />", +- ap_escape_html(r->pool, r->uri), "<br />\n", +- "does not allow request data with ", ++ "The requested resource does not allow request data with ", + ap_escape_html(r->pool, r->method), + " requests, or the amount of data provided in\n" + "the request exceeds the capacity limit.\n", +@@ -1317,11 +1285,9 @@ + "the Server Name Indication (SNI) in use for this\n" + "connection.</p>\n"); + case HTTP_UNAVAILABLE_FOR_LEGAL_REASONS: +- s1 = apr_pstrcat(p, +- "<p>Access to ", ap_escape_html(r->pool, r->uri), +- "\nhas been denied for legal reasons.<br />\n", +- NULL); +- return(add_optional_notes(r, s1, "error-notes", "</p>\n")); ++ return(add_optional_notes(r, ++ "<p>Access to this URL has been denied for legal reasons.<br />\n", ++ "error-notes", "</p>\n")); + default: /* HTTP_INTERNAL_SERVER_ERROR */ + /* + * This comparison to expose error-notes could be modified to +--- a/modules/proxy/mod_proxy.c ++++ b/modules/proxy/mod_proxy.c +@@ -1049,9 +1049,10 @@ + char *end; + maxfwd = apr_strtoi64(str, &end, 10); + if (maxfwd < 0 || maxfwd == APR_INT64_MAX || *end) { +- return ap_proxyerror(r, HTTP_BAD_REQUEST, +- apr_psprintf(r->pool, +- "Max-Forwards value '%s' could not be parsed", str)); ++ ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(10188) ++ "Max-Forwards value '%s' could not be parsed", str); ++ return ap_proxyerror(r, HTTP_BAD_REQUEST, ++ "Max-Forwards request header could not be parsed"); + } + else if (maxfwd == 0) { + switch (r->method_number) { +--- a/modules/proxy/mod_proxy_ftp.c ++++ b/modules/proxy/mod_proxy_ftp.c +@@ -1024,8 +1024,9 @@ + /* We break the URL into host, port, path-search */ + if (r->parsed_uri.hostname == NULL) { + if (APR_SUCCESS != apr_uri_parse(p, url, &uri)) { +- return ap_proxyerror(r, HTTP_BAD_REQUEST, +- apr_psprintf(p, "URI cannot be parsed: %s", url)); ++ ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(10189) ++ "URI cannot be parsed: %s", url); ++ return ap_proxyerror(r, HTTP_BAD_REQUEST, "URI cannot be parsed"); + } + connectname = uri.hostname; + connectport = uri.port; +--- a/modules/proxy/proxy_util.c ++++ b/modules/proxy/proxy_util.c +@@ -368,12 +368,9 @@ + + PROXY_DECLARE(int) ap_proxyerror(request_rec *r, int statuscode, const char *message) + { +- const char *uri = ap_escape_html(r->pool, r->uri); + apr_table_setn(r->notes, "error-notes", + apr_pstrcat(r->pool, +- "The proxy server could not handle the request <em><a href=\"", +- uri, "\">", ap_escape_html(r->pool, r->method), " ", uri, +- "</a></em>.<p>\n" ++ "The proxy server could not handle the request<p>" + "Reason: <strong>", ap_escape_html(r->pool, message), + "</strong></p>", + NULL)); |