commit: f77f8958d181ddf877dea7d373ed8cdbda006dd3 |
Author: Peter Volkov <pva <AT> gentoo <DOT> org> |
AuthorDate: Tue Oct 18 06:12:18 2011 +0000 |
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> |
CommitDate: Tue Oct 18 06:12:18 2011 +0000 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/apache.git;a=commit;h=f77f8958 |
|
Patch to fix Reverse Proxy Mode Security Bypass (CVE-2011-3368). |
|
--- |
.../25_all-apply_to_2.2.21-CVE-2011-3368.patch | 34 ++++++++++++++++++++++ |
1 file changed, 34 insertions(+) |
|
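diff --git a/2.2/patches/25_all-apply_to_2.2.21-CVE-2011-3368.patch b/2.2/patches/25_all-apply_to_2.2.21-CVE-2011-3368.patch
new file mode 100644
index 0000000..e8125d9
--- /dev/null
+++ b/2.2/patches/25_all-apply_to_2.2.21-CVE-2011-3368.patch
@@ -0,0 +1,34 @@
+
+SECURITY (CVE-2011-3368): Prevent unintended pattern expansion in some
+reverse proxy configurations by strictly validating the request-URI.
+
+http://svn.apache.org/viewvc?rev=1179239&view=rev
+
+--- httpd-2.2.21/server/protocol.c
++++ httpd-2.2.21/server/protocol.c
+@@ -640,6 +640,25 @@
+
+ ap_parse_uri(r, uri);
+
++ /* RFC 2616:
++ * Request-URI = "*" | absoluteURI | abs_path | authority
++ *
++ * authority is a special case for CONNECT. If the request is not
++ * using CONNECT, and the parsed URI does not have scheme, and
++ * it does not begin with '/', and it is not '*', then, fail
++ * and give a 400 response. */
++ if (r->method_number != M_CONNECT
++ && !r->parsed_uri.scheme
++ && uri[0] != '/'
++ && !(uri[0] == '*' && uri[1] == '\0')) {
++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
++ "invalid request-URI %s", uri);
++ r->args = NULL;
++ r->hostname = NULL;
++ r->status = HTTP_BAD_REQUEST;
++ r->uri = apr_pstrdup(r->pool, uri);
++ }
++
+ if (ll[0]) {
+ r->assbackwards = 0;
+ pro = ll;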
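Review bot: The rejection branch writes the raw client-supplied request-URI into the error log via `"invalid request-URI %s", uri` at APLOG_ERR, so unless the error-log writer escapes control characters, a malformed URI can carry them straight into the log file; passing `ap_escape_logitem(r->pool, uri)` instead of `uri` would keep log lines well-formed for whoever parses them later. The guard only sets `r->status = HTTP_BAD_REQUEST` and then falls through to the protocol-version parsing on the `if (ll[0])` line, so the 400 is enforced only if the caller of this function checks r->status; that caller is not visible here, and the enclosing function in protocol.c begins and ends outside this hunk. The inner patch is pinned to httpd-2.2.21 by its file paths, which matches the file name but is not stated in the commit message.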