diff options
Diffstat (limited to 'debian/patches/CVE-2021-44224-2.patch')
| -rw-r--r-- | debian/patches/CVE-2021-44224-2.patch | 93 |
1 files changed, 93 insertions, 0 deletions
diff --git a/debian/patches/CVE-2021-44224-2.patch b/debian/patches/CVE-2021-44224-2.patch new file mode 100644 index 0000000..6b841dd --- /dev/null +++ b/debian/patches/CVE-2021-44224-2.patch @@ -0,0 +1,93 @@ +Description: mod_proxy: Don't prevent forwarding URIs w/ no hostname. + (fix for r1895955 already in 2.4.x) + . + Part not applied: + #--- a/modules/proxy/mod_proxy.h + #+++ b/modules/proxy/mod_proxy.h + #@@ -323,6 +323,8 @@ + # #define PROXY_WORKER_HC_FAIL_FLAG 'C' + # #define PROXY_WORKER_HOT_SPARE_FLAG 'R' + # + #+#define AP_PROXY_WORKER_NO_UDS (1u << 3) + #+ + # #define PROXY_WORKER_NOT_USABLE_BITMAP ( PROXY_WORKER_IN_SHUTDOWN | \ + # PROXY_WORKER_DISABLED | PROXY_WORKER_STOPPED | PROXY_WORKER_IN_ERROR | \ + # PROXY_WORKER_HC_FAIL ) + #--- a/modules/proxy/proxy_util.c + #+++ b/modules/proxy/proxy_util.c + #@@ -1661,9 +1661,11 @@ + # return NULL; + # } + # + #- url = ap_proxy_de_socketfy(p, url); + #- if (!url) { + #- return NULL; + #+ if (!(mask & AP_PROXY_WORKER_NO_UDS)) { + #+ url = ap_proxy_de_socketfy(p, url); + #+ if (!url) { + #+ return NULL; + #+ } + # } + # + # c = ap_strchr_c(url, ':'); +Author: Stefan Eissing <icing@apache.org> +Origin: upstream, https://github.com/apache/httpd/commit/a0521d289 +Bug: https://security-tracker.debian.org/tracker/CVE-2021-44224 +Forwarded: not-needed +Reviewed-By: Yadd <yadd@debian.org> +Last-Update: 2021-12-21 + +--- a/modules/proxy/mod_proxy.c ++++ b/modules/proxy/mod_proxy.c +@@ -576,9 +576,10 @@ + + /* Ick... msvc (perhaps others) promotes ternary short results to int */ + +- if (conf->req && r->parsed_uri.scheme && r->parsed_uri.hostname) { ++ if (conf->req && r->parsed_uri.scheme) { + /* but it might be something vhosted */ +- if (strcasecmp(r->parsed_uri.scheme, ap_http_scheme(r)) != 0 ++ if (!r->parsed_uri.hostname ++ || strcasecmp(r->parsed_uri.scheme, ap_http_scheme(r)) != 0 + || !ap_matches_request_vhost(r, r->parsed_uri.hostname, + (apr_port_t)(r->parsed_uri.port_str + ? r->parsed_uri.port +--- a/modules/proxy/proxy_util.c ++++ b/modules/proxy/proxy_util.c +@@ -2128,22 +2128,21 @@ + + access_status = proxy_run_pre_request(worker, balancer, r, conf, url); + if (access_status == DECLINED && *balancer == NULL) { ++ const int forward = (r->proxyreq == PROXYREQ_PROXY); + *worker = ap_proxy_get_worker(r->pool, NULL, conf, *url); + if (*worker) { + ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r, + "%s: found worker %s for %s", + (*worker)->s->scheme, (*worker)->s->name, *url); +- *balancer = NULL; +- if (!fix_uds_filename(r, url)) { ++ if (!forward && !fix_uds_filename(r, url)) { + return HTTP_INTERNAL_SERVER_ERROR; + } + access_status = OK; + } +- else if (r->proxyreq == PROXYREQ_PROXY) { ++ else if (forward) { + if (conf->forward) { + ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r, + "*: found forward proxy worker for %s", *url); +- *balancer = NULL; + *worker = conf->forward; + access_status = OK; + /* +@@ -2157,8 +2156,8 @@ + else if (r->proxyreq == PROXYREQ_REVERSE) { + if (conf->reverse) { + ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r, +- "*: using default reverse proxy worker for %s (no keepalive)", *url); +- *balancer = NULL; ++ "*: using default reverse proxy worker for %s " ++ "(no keepalive)", *url); + *worker = conf->reverse; + access_status = OK; + /* |