Diffstat (limited to 'debian/patches/0010-VE-2024-39884-Regression-Remove-support-for-Request-.patch')
-rw-r--r-- | debian/patches/0010-VE-2024-39884-Regression-Remove-support-for-Request-.patch | 160 |
1 files changed, 160 insertions, 0 deletions
diff --git a/debian/patches/0010-VE-2024-39884-Regression-Remove-support-for-Request-.patch b/debian/patches/0010-VE-2024-39884-Regression-Remove-support-for-Request-.patch
new file mode 100644
index 0000000..446bb1a
--- /dev/null
+++ b/debian/patches/0010-VE-2024-39884-Regression-Remove-support-for-Request-.patch
@@ -0,0 +1,160 @@
+From: Eric Covener <covener@apache.org>
+Date: Fri, 27 Sep 2024 13:10:34 +0000
+Subject: VE-2024-39884 Regression Remove support for Request-Range header
+ sent by Navigator 2-3 and MSIE 3
+
+Strings are from configuration and thus trusted
+
+Submitted by: sf, rpluem
+Reviewed by: rpluem, covener, jorton
+
+Github: closes #475
+bug-debian: https://bugs.debian.org/1079206
+bug: https://github.com/apache/httpd/pull/475
+origin: https://github.com/apache/httpd/commit/5f82765bc640ddb6a13a681464856bf8f8a5cb10
+---
+ modules/filters/mod_ext_filter.c | 2 +-
+ modules/generators/mod_autoindex.c | 6 +++---
+ modules/http/byterange_filter.c | 43 ++++++-------------------------------------
+ modules/http/http_request.c | 2 +-
+ modules/proxy/mod_proxy_ftp.c | 4 ++--
+ 5 files changed, 13 insertions(+), 44 deletions(-)
+
+diff --git a/modules/filters/mod_ext_filter.c b/modules/filters/mod_ext_filter.c
+index 7afd8dd..6a7c9e4 100644
+--- a/modules/filters/mod_ext_filter.c
++++ b/modules/filters/mod_ext_filter.c
+@@ -610,7 +610,7 @@ static apr_status_t init_filter_instance(ap_filter_t *f)
+ }
+ if (ctx->filter->outtype &&
+ ctx->filter->outtype != OUTTYPE_UNCHANGED) {
+- ap_set_content_type(f->r, ctx->filter->outtype);
++ ap_set_content_type_ex(f->r, ctx->filter->outtype, 1);
+ }
+ if (ctx->filter->preserves_content_length != 1) {
+ /* nasty, but needed to avoid confusing the browser
+diff --git a/modules/generators/mod_autoindex.c b/modules/generators/mod_autoindex.c
+index cb44603..6280430 100644
+--- a/modules/generators/mod_autoindex.c
++++ b/modules/generators/mod_autoindex.c
+@@ -2052,11 +2052,11 @@ static int index_directory(request_rec *r,
+ #endif
+ }
+ if (*charset) {
+- ap_set_content_type(r, apr_pstrcat(r->pool, ctype, ";charset=",
+- charset, NULL));
++ ap_set_content_type_ex(r, apr_pstrcat(r->pool, ctype, ";charset=",
++ charset, NULL), 1);
+ }
+ else {
+- ap_set_content_type(r, ctype);
++ ap_set_content_type_ex(r, ctype, 1);
+ }
+
+ if (autoindex_opts & TRACK_MODIFIED) {
+diff --git a/modules/http/byterange_filter.c b/modules/http/byterange_filter.c
+index 5ebe853..a1ffdd3 100644
+--- a/modules/http/byterange_filter.c
++++ b/modules/http/byterange_filter.c
+@@ -100,21 +100,7 @@ static int ap_set_byterange(request_rec *r, apr_off_t clength,
+ return 0;
+ }
+
+- /*
+- * Check for Range request-header (HTTP/1.1) or Request-Range for
+- * backwards-compatibility with second-draft Luotonen/Franks
+- * byte-ranges (e.g. Netscape Navigator 2-3).
+- *
+- * We support this form, with Request-Range, and (farther down) we
+- * send multipart/x-byteranges instead of multipart/byteranges for
+- * Request-Range based requests to work around a bug in Netscape
+- * Navigator 2-3 and MSIE 3.
+- */
+-
+- if (!(range = apr_table_get(r->headers_in, "Range"))) {
+- range = apr_table_get(r->headers_in, "Request-Range");
+- }
+-
++ range = apr_table_get(r->headers_in, "Range");
+ if (!range || strncasecmp(range, "bytes=", 6) || r->status != HTTP_OK) {
+ return 0;
+ }
+@@ -126,10 +112,9 @@ static int ap_set_byterange(request_rec *r, apr_off_t clength,
+
+ /* is content already a multiple range? */
+ if ((ct = apr_table_get(r->headers_out, "Content-Type"))
+- && (!strncasecmp(ct, "multipart/byteranges", 20)
+- || !strncasecmp(ct, "multipart/x-byteranges", 22))) {
++ && strncasecmp(ct, "multipart/byteranges", 20) == 0) {
+ return 0;
+- }
++ }
+
+ /*
+ * Check the If-Range header for Etag or Date.
+@@ -298,21 +283,6 @@ static int ap_set_byterange(request_rec *r, apr_off_t clength,
+ return num_ranges;
+ }
+
+-/*
+- * Here we try to be compatible with clients that want multipart/x-byteranges
+- * instead of multipart/byteranges (also see above), as per HTTP/1.1. We
+- * look for the Request-Range header (e.g. Netscape 2 and 3) as an indication
+- * that the browser supports an older protocol. We also check User-Agent
+- * for Microsoft Internet Explorer 3, which needs this as well.
+- */
+-static int use_range_x(request_rec *r)
+-{
+- const char *ua;
+- return (apr_table_get(r->headers_in, "Request-Range")
+- || ((ua = apr_table_get(r->headers_in, "User-Agent"))
+- && ap_strstr_c(ua, "MSIE 3")));
+-}
+-
+ #define BYTERANGE_FMT "%" APR_OFF_T_FMT "-%" APR_OFF_T_FMT "/%" APR_OFF_T_FMT
+
+ static apr_status_t copy_brigade_range(apr_bucket_brigade *bb,
+@@ -503,10 +473,9 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_byterange_filter(ap_filter_t *f,
+ /* Is ap_make_content_type required here? */
+ const char *orig_ct = ap_make_content_type(r, r->content_type);
+
+- ap_set_content_type(r, apr_pstrcat(r->pool, "multipart",
+- use_range_x(r) ? "/x-" : "/",
+- "byteranges; boundary=",
+- ap_multipart_boundary, NULL));
++ ap_set_content_type_ex(r, apr_pstrcat(r->pool,
++ "multipart/byteranges; boundary=",
++ ap_multipart_boundary, NULL), 1);
+
+ if (orig_ct) {
+ bound_head = apr_pstrcat(r->pool,
+diff --git a/modules/http/http_request.c b/modules/http/http_request.c
+index 7e9477b..46da143 100644
+--- a/modules/http/http_request.c
++++ b/modules/http/http_request.c
+@@ -808,7 +808,7 @@ AP_DECLARE(void) ap_internal_redirect_handler(const char *new_uri, request_rec *
+ }
+
+ if (r->handler)
+- ap_set_content_type(new, r->content_type);
++ ap_set_content_type_ex(new, r->content_type, AP_REQUEST_IS_TRUSTED_CT(r));
+ access_status = ap_process_request_internal(new);
+ if (access_status == OK) {
+ access_status = ap_invoke_handler(new);
+diff --git a/modules/proxy/mod_proxy_ftp.c b/modules/proxy/mod_proxy_ftp.c
+index e0032e5..5175e45 100644
+--- a/modules/proxy/mod_proxy_ftp.c
++++ b/modules/proxy/mod_proxy_ftp.c
+@@ -1878,10 +1878,10 @@ static int proxy_ftp_handler(request_rec *r, proxy_worker *worker,
+
+ /* set content-type */
+ if (dirlisting) {
+- ap_set_content_type(r, apr_pstrcat(p, "text/html;charset=",
++ ap_set_content_type_ex(r, apr_pstrcat(p, "text/html;charset=",
+ fdconf->ftp_directory_charset ?
+ fdconf->ftp_directory_charset :
+- "ISO-8859-1", NULL));
++ "ISO-8859-1", NULL), 1);
+ }
+ else {
+ if (xfer_type != 'A' && size != NULL) { |
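Review bot: The trust argument is a bare `1` at the calls in mod_ext_filter.c, mod_autoindex.c, byterange_filter.c and mod_proxy_ftp.c, and the only justification is the one-line description saying the strings come from configuration; nothing at the call sites records it. A short comment above each call, such as `/* type comes from server configuration, so it is marked trusted */`, would let a later audit of this backport check the claim per call instead of per patch. In mod_autoindex.c the assignments to `ctype` and `charset` lie outside the embedded hunk (every embedded hunk shows only a fragment of its function), so confirm against the packaged source that both are still derived from configuration before relying on the flag. The patch also depends on `ap_set_content_type_ex` and `AP_REQUEST_IS_TRUSTED_CT`, which it does not define and which presumably come from an earlier patch in the series, so its position in the series matters. Separately, the Subject and file name read `VE-2024-39884`, which looks like a CVE id with its first letter lost and will not match a search for the full identifier.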