[gentoo-commits] proj/apache:master commit in: 2.2/patches/ - gentoo-commits

From:	Lars Wendler <polynomial-c@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] proj/apache:master commit in: 2.2/patches/
Date:	Sat, 09 Nov 2013 15:33:12
Message-Id:	`1318918338.f77f8958d181ddf877dea7d373ed8cdbda006dd3.polynomial-c@gentoo`

1

commit:     f77f8958d181ddf877dea7d373ed8cdbda006dd3

2

Author:     Peter Volkov <pva <AT> gentoo <DOT> org>

3

AuthorDate: Tue Oct 18 06:12:18 2011 +0000

4

Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>

5

CommitDate: Tue Oct 18 06:12:18 2011 +0000

6

URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/apache.git;a=commit;h=f77f8958

7

8

Patch to fix Reverse Proxy Mode Security Bypass (CVE-2011-3368).

9

10

---

11

 .../25_all-apply_to_2.2.21-CVE-2011-3368.patch     | 34 ++++++++++++++++++++++

12

 1 file changed, 34 insertions(+)

13

14

diff --git a/2.2/patches/25_all-apply_to_2.2.21-CVE-2011-3368.patch b/2.2/patches/25_all-apply_to_2.2.21-CVE-2011-3368.patch

15

new file mode 100644

16

index 0000000..e8125d9

17

--- /dev/null

18

+++ b/2.2/patches/25_all-apply_to_2.2.21-CVE-2011-3368.patch

19

@@ -0,0 +1,34 @@

20

+

21

+SECURITY (CVE-2011-3368): Prevent unintended pattern expansion in some

22

+reverse proxy configurations by strictly validating the request-URI.

23

+

24

+http://svn.apache.org/viewvc?rev=1179239&view=rev

25

+

26

+--- httpd-2.2.21/server/protocol.c

27

++++ httpd-2.2.21/server/protocol.c

28

+@@ -640,6 +640,25 @@

29

+

30

+     ap_parse_uri(r, uri);

31

+

32

++    /* RFC 2616:

33

++     *   Request-URI    = "*" | absoluteURI | abs_path | authority

34

++     *

35

++     * authority is a special case for CONNECT.  If the request is not

36

++     * using CONNECT, and the parsed URI does not have scheme, and

37

++     * it does not begin with '/', and it is not '*', then, fail

38

++     * and give a 400 response. */

39

++    if (r->method_number != M_CONNECT 

40

++        && !r->parsed_uri.scheme 

41

++        && uri[0] != '/'

42

++        && !(uri[0] == '*' && uri[1] == '\0')) {

43

++        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,

44

++                      "invalid request-URI %s", uri);

45

++        r->args = NULL;

46

++        r->hostname = NULL;

47

++        r->status = HTTP_BAD_REQUEST;

48

++        r->uri = apr_pstrdup(r->pool, uri);

49

++    }

50

++

51

+     if (ll[0]) {

52

+         r->assbackwards = 0;

53

+         pro = ll;

1	commit: f77f8958d181ddf877dea7d373ed8cdbda006dd3
2	Author: Peter Volkov <pva <AT> gentoo <DOT> org>
3	AuthorDate: Tue Oct 18 06:12:18 2011 +0000
4	Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
5	CommitDate: Tue Oct 18 06:12:18 2011 +0000
6	URL: http://git.overlays.gentoo.org/gitweb/?p=proj/apache.git;a=commit;h=f77f8958
7
8	Patch to fix Reverse Proxy Mode Security Bypass (CVE-2011-3368).
9
10	---
11	.../25_all-apply_to_2.2.21-CVE-2011-3368.patch \| 34 ++++++++++++++++++++++
12	1 file changed, 34 insertions(+)
13
14	diff --git a/2.2/patches/25_all-apply_to_2.2.21-CVE-2011-3368.patch b/2.2/patches/25_all-apply_to_2.2.21-CVE-2011-3368.patch
15	new file mode 100644
16	index 0000000..e8125d9
17	--- /dev/null
18	+++ b/2.2/patches/25_all-apply_to_2.2.21-CVE-2011-3368.patch
19	@@ -0,0 +1,34 @@
20	+
21	+SECURITY (CVE-2011-3368): Prevent unintended pattern expansion in some
22	+reverse proxy configurations by strictly validating the request-URI.
23	+
24	+http://svn.apache.org/viewvc?rev=1179239&view=rev
25	+
26	+--- httpd-2.2.21/server/protocol.c
27	++++ httpd-2.2.21/server/protocol.c
28	+@@ -640,6 +640,25 @@
29	+
30	+ ap_parse_uri(r, uri);
31	+
32	++ /* RFC 2616:
33	++ * Request-URI = "*" \| absoluteURI \| abs_path \| authority
34	++ *
35	++ * authority is a special case for CONNECT. If the request is not
36	++ * using CONNECT, and the parsed URI does not have scheme, and
37	++ * it does not begin with '/', and it is not '*', then, fail
38	++ * and give a 400 response. */
39	++ if (r->method_number != M_CONNECT
40	++ && !r->parsed_uri.scheme
41	++ && uri[0] != '/'
42	++ && !(uri[0] == '*' && uri[1] == '\0')) {
43	++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
44	++ "invalid request-URI %s", uri);
45	++ r->args = NULL;
46	++ r->hostname = NULL;
47	++ r->status = HTTP_BAD_REQUEST;
48	++ r->uri = apr_pstrdup(r->pool, uri);
49	++ }
50	++
51	+ if (ll[0]) {
52	+ r->assbackwards = 0;
53	+ pro = ll;

Gentoo Archives: gentoo-commits