packages/apr-util
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!21 update to 1.6.3

Browse Source 
From: @pshysimon 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen
This commit is contained in:
openeuler-ci-bot 2024-02-04 08:44:13 +00:00 committed by Gitee
commit ff27f879d0
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
10 changed files with 5 additions and 676 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

133
Fix-error-handling-in-gdbm.patch
View File

@ -1,133 +0,0 @@
From 1a476fb1cc53aa7beedf3d6e90573a81a421c506 Mon Sep 17 00:00:00 2001
From: Stefan Fritsch <sf@apache.org>
Date: Sun, 25 Feb 2018 16:41:11 +0000
Subject: [PATCH 06/15] Fix error handling in gdbm
Only check for gdbm_errno if the return value of the called gdbm_*
function says so. This fixes apr-util with gdbm 1.14, which does not
seem to always reset gdbm_errno.
Also make the gdbm driver return error codes starting with
APR_OS_START_USEERR instead of always returning APR_EGENERAL. This is
what the berkleydb driver already does.
Also ensure that dsize is 0 if dptr == NULL.
(backport of r1825311 in apr trunk)
git-svn-id: https://svn.apache.org/repos/asf/apr/apr-util/branches/1.6.x@1825312 13f79535-47bb-0310-9956-ffa450edef68
---
CHANGES | 5 ++++-
dbm/apr_dbm_gdbm.c | 48 ++++++++++++++++++++++++++++------------------
2 files changed, 33 insertions(+), 20 deletions(-)
diff --git a/dbm/apr_dbm_gdbm.c b/dbm/apr_dbm_gdbm.c
index 749447a0..4d563491 100644
--- a/dbm/apr_dbm_gdbm.c
+++ b/dbm/apr_dbm_gdbm.c
@@ -36,8 +36,20 @@
static apr_status_t g2s(int gerr)
{
if (gerr == -1) {
- /* ### need to fix this */
- return APR_EGENERAL;
+ if (gdbm_errno == GDBM_NO_ERROR)
+ return APR_SUCCESS;
+ return APR_OS_START_USEERR + gdbm_errno;
+ }
+
+ return APR_SUCCESS;
+}
+
+static apr_status_t gdat2s(datum d)
+{
+ if (d.dptr == NULL) {
+ if (gdbm_errno == GDBM_NO_ERROR || gdbm_errno == GDBM_ITEM_NOT_FOUND)
+ return APR_SUCCESS;
+ return APR_OS_START_USEERR + gdbm_errno;
}
return APR_SUCCESS;
@@ -53,22 +65,14 @@ static apr_status_t datum_cleanup(void *dptr)
static apr_status_t set_error(apr_dbm_t *dbm, apr_status_t dbm_said)
{
- apr_status_t rv = APR_SUCCESS;
-
- /* ### ignore whatever the DBM said (dbm_said); ask it explicitly */
+ dbm->errcode = dbm_said;
- if ((dbm->errcode = gdbm_errno) == GDBM_NO_ERROR) {
+ if (dbm_said == APR_SUCCESS)
dbm->errmsg = NULL;
- }
- else {
- dbm->errmsg = gdbm_strerror(gdbm_errno);
- rv = APR_EGENERAL; /* ### need something better */
- }
-
- /* captured it. clear it now. */
- gdbm_errno = GDBM_NO_ERROR;
+ else
+ dbm->errmsg = gdbm_strerror(dbm_said - APR_OS_START_USEERR);
- return rv;
+ return dbm_said;
}
/* --------------------------------------------------------------------------
@@ -107,7 +111,7 @@ static apr_status_t vt_gdbm_open(apr_dbm_t **pdb, const char *pathname,
NULL);
if (file == NULL)
- return APR_EGENERAL; /* ### need a better error */
+ return APR_OS_START_USEERR + gdbm_errno;
/* we have an open database... return it */
*pdb = apr_pcalloc(pool, sizeof(**pdb));
@@ -141,10 +145,12 @@ static apr_status_t vt_gdbm_fetch(apr_dbm_t *dbm, apr_datum_t key,
if (pvalue->dptr)
apr_pool_cleanup_register(dbm->pool, pvalue->dptr, datum_cleanup,
apr_pool_cleanup_null);
+ else
+ pvalue->dsize = 0;
/* store the error info into DBM, and return a status code. Also, note
that *pvalue should have been cleared on error. */
- return set_error(dbm, APR_SUCCESS);
+ return set_error(dbm, gdat2s(rd));
}
static apr_status_t vt_gdbm_store(apr_dbm_t *dbm, apr_datum_t key,
@@ -201,9 +207,11 @@ static apr_status_t vt_gdbm_firstkey(apr_dbm_t *dbm, apr_datum_t *pkey)
if (pkey->dptr)
apr_pool_cleanup_register(dbm->pool, pkey->dptr, datum_cleanup,
apr_pool_cleanup_null);
+ else
+ pkey->dsize = 0;
/* store any error info into DBM, and return a status code. */
- return set_error(dbm, APR_SUCCESS);
+ return set_error(dbm, gdat2s(rd));
}
static apr_status_t vt_gdbm_nextkey(apr_dbm_t *dbm, apr_datum_t *pkey)
@@ -221,9 +229,11 @@ static apr_status_t vt_gdbm_nextkey(apr_dbm_t *dbm, apr_datum_t *pkey)
if (pkey->dptr)
apr_pool_cleanup_register(dbm->pool, pkey->dptr, datum_cleanup,
apr_pool_cleanup_null);
+ else
+ pkey->dsize = 0;
/* store any error info into DBM, and return a status code. */
- return set_error(dbm, APR_SUCCESS);
+ return set_error(dbm, gdat2s(rd));
}
static void vt_gdbm_freedatum(apr_dbm_t *dbm, apr_datum_t data)
--
2.19.1

46
Merge-r1822315-from-trunk.patch
View File

@ -1,46 +0,0 @@
From aecf1eb280326484a58b21c68a18373f7c17872e Mon Sep 17 00:00:00 2001
From: Ruediger Pluem <rpluem@apache.org>
Date: Mon, 5 Feb 2018 09:44:16 +0000
Subject: [PATCH 05/15] Merge r1822315 from trunk:
* We cannot access list any longer after we called apr_allocator_free as it points to memory we just freed.
Reviewed by: rpluem
git-svn-id: https://svn.apache.org/repos/asf/apr/apr-util/branches/1.6.x@1823146 13f79535-47bb-0310-9956-ffa450edef68
---
buckets/apr_buckets_alloc.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/buckets/apr_buckets_alloc.c b/buckets/apr_buckets_alloc.c
index e5838dd0..2d6f214e 100644
--- a/buckets/apr_buckets_alloc.c
+++ b/buckets/apr_buckets_alloc.c
@@ -45,12 +45,21 @@ struct apr_bucket_alloc_t {
static apr_status_t alloc_cleanup(void *data)
{
apr_bucket_alloc_t *list = data;
+#if APR_POOL_DEBUG
+ apr_allocator_t *allocator = NULL;
+#endif
+
+#if APR_POOL_DEBUG
+ if (list->pool && list->allocator != apr_pool_allocator_get(list->pool)) {
+ allocator = list->allocator;
+ }
+#endif
apr_allocator_free(list->allocator, list->blocks);
#if APR_POOL_DEBUG
- if (list->pool && list->allocator != apr_pool_allocator_get(list->pool)) {
- apr_allocator_destroy(list->allocator);
+ if (allocator) {
+ apr_allocator_destroy(allocator);
}
#endif
--
2.19.1

142
Merge-r1834022-r1834023-r1834024-from-trunk.patch
View File

@ -1,142 +0,0 @@
From a3a77fb2cb515be72de6eb36d51da40998a2d8a3 Mon Sep 17 00:00:00 2001
From: Yann Ylavic <ylavic@apache.org>
Date: Wed, 27 Jun 2018 23:18:10 +0000
Subject: [PATCH 08/15] Merge r1834022, r1834023, r1834024 from trunk:
apr_reslist: test for ttl = 0
The current reslist implementation handles ttl=0 as no TTL when acquiring
resources (expected and documented), but as zero TTL when releasing (immediate
expiry, so resources above smax are never recycled).
This test validates the upcoming fix (r1834023).
apr_reslist: fix release of resource with zero/no TTL.
Ignore expiry when ttl=0 in apr_reslist_maintain(), like apr_reslist_acquire().
While ttl=0 is supposed to mean no TTL/expiry, apr_reslist_maintain() hence
apr_reslist_release() were destroying all resources above smax in this case.
Corresponding test already committed in r1834022.
apr_reslist: follow up to r1834023: avoid unnecessary apr_time_now() calls.
When ttl=0 is configured, we never need to check for expiry.
git-svn-id: https://svn.apache.org/repos/asf/apr/apr-util/branches/1.6.x@1834558 13f79535-47bb-0310-9956-ffa450edef68
---
misc/apr_reslist.c | 16 +++++++++++-----
test/testreslist.c | 39 +++++++++++++++++++++++++++++++++++++++
2 files changed, 50 insertions(+), 5 deletions(-)
diff --git a/misc/apr_reslist.c b/misc/apr_reslist.c
index 0c43e074..12ae96a1 100644
--- a/misc/apr_reslist.c
+++ b/misc/apr_reslist.c
@@ -81,7 +81,9 @@ static apr_res_t *pop_resource(apr_reslist_t *reslist)
static void push_resource(apr_reslist_t *reslist, apr_res_t *resource)
{
APR_RING_INSERT_HEAD(&reslist->avail_list, resource, apr_res_t, link);
- resource->freed = apr_time_now();
+ if (reslist->ttl) {
+ resource->freed = apr_time_now();
+ }
reslist->nidle++;
}
@@ -210,8 +212,10 @@ APU_DECLARE(apr_status_t) apr_reslist_maintain(apr_reslist_t *reslist)
created_one++;
}
- /* We don't need to see if we're over the max if we were under it before */
- if (created_one) {
+ /* We don't need to see if we're over the max if we were under it before,
+ * nor need we check for expiry if no ttl is configure.
+ */
+ if (created_one || !reslist->ttl) {
#if APR_HAS_THREADS
apr_thread_mutex_unlock(reslist->listlock);
#endif
@@ -328,14 +332,16 @@ APU_DECLARE(apr_status_t) apr_reslist_acquire(apr_reslist_t *reslist,
{
apr_status_t rv;
apr_res_t *res;
- apr_time_t now;
+ apr_time_t now = 0;
#if APR_HAS_THREADS
apr_thread_mutex_lock(reslist->listlock);
#endif
/* If there are idle resources on the available list, use
* them right away. */
- now = apr_time_now();
+ if (reslist->ttl) {
+ now = apr_time_now();
+ }
while (reslist->nidle > 0) {
/* Pop off the first resource */
res = pop_resource(reslist);
diff --git a/test/testreslist.c b/test/testreslist.c
index 36333a15..78c908d2 100644
--- a/test/testreslist.c
+++ b/test/testreslist.c
@@ -258,6 +258,44 @@ static void test_reslist(abts_case *tc, void *data)
ABTS_INT_EQUAL(tc, APR_SUCCESS, rv);
}
+static void test_reslist_no_ttl(abts_case *tc, void *data)
+{
+ apr_status_t rv;
+ apr_reslist_t *rl;
+ my_parameters_t *params;
+ my_resource_t *res;
+
+ /* Parameters (sleep not used) */
+ params = apr_pcalloc(p, sizeof(*params));
+
+ rv = apr_reslist_create(&rl,
+ /*no min*/0, /*no smax*/0, /*max*/1, /*no ttl*/0,
+ my_constructor, my_destructor, params, p);
+ ABTS_INT_EQUAL(tc, APR_SUCCESS, rv);
+
+ /* Acquire/contruct one resource */
+ rv = apr_reslist_acquire(rl, (void **)&res);
+ ABTS_INT_EQUAL(tc, APR_SUCCESS, rv);
+ ABTS_INT_EQUAL(tc, 0, res->id);
+
+ /* Release it before next check */
+ rv = apr_reslist_release(rl, res);
+ ABTS_INT_EQUAL(tc, APR_SUCCESS, rv);
+
+ /* Re-acquire/release: the resource should be the same */
+ rv = apr_reslist_acquire(rl, (void **)&res);
+ ABTS_INT_EQUAL(tc, APR_SUCCESS, rv);
+ ABTS_INT_EQUAL(tc, 0, res->id);
+
+ /* Release it before cleanup */
+ rv = apr_reslist_release(rl, res);
+ ABTS_INT_EQUAL(tc, APR_SUCCESS, rv);
+
+ rv = apr_reslist_destroy(rl);
+ ABTS_INT_EQUAL(tc, APR_SUCCESS, rv);
+ ABTS_INT_EQUAL(tc, params->d_count, 1);
+}
+
#endif /* APR_HAS_THREADS */
abts_suite *testreslist(abts_suite *suite)
@@ -266,6 +304,7 @@ abts_suite *testreslist(abts_suite *suite)
#if APR_HAS_THREADS
abts_run_test(suite, test_reslist, NULL);
+ abts_run_test(suite, test_reslist_no_ttl, NULL);
#endif
return suite;
--
2.19.1

30
Remove-dereference-of-null-pointer.patch
View File

@ -1,30 +0,0 @@
From 966ad88931e413f1f6a29035af67fe06b7e7fdc3 Mon Sep 17 00:00:00 2001
From: Rainer Jung <rjung@apache.org>
Date: Sat, 25 Aug 2018 13:38:26 +0000
Subject: [PATCH 10/15] Remove dereference of null pointer.
Backport of r1836231 from trunk.
git-svn-id: https://svn.apache.org/repos/asf/apr/apr-util/branches/1.6.x@1839051 13f79535-47bb-0310-9956-ffa450edef68
---
hooks/apr_hooks.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hooks/apr_hooks.c b/hooks/apr_hooks.c
index 4cedb3a5..af3dc958 100644
--- a/hooks/apr_hooks.c
+++ b/hooks/apr_hooks.c
@@ -180,7 +180,8 @@ static TSort *tsort(TSort *pData,int nItems)
break;
}
}
- pTail->pNext=NULL; /* unfudge the tail */
+ if(pTail)
+ pTail->pNext=NULL; /* unfudge the tail */
return pHead;
}
--
2.19.1

128
Updated-patch-to-compile-apr-util-against-mariadb-10.patch
View File

@ -1,128 +0,0 @@
This is an upstream patch from: https://bz.apache.org/bugzilla/show_bug.cgi?id=61517
diff -ur a/build/dbd.m4 b/build/dbd.m4
--- a/build/dbd.m4 2017-05-03 19:18:52.000000000 -0400
+++ b/build/dbd.m4 2017-09-13 16:58:07.369546391 -0400
@@ -163,10 +163,15 @@
old_cppflags="$CPPFLAGS"
old_ldflags="$LDFLAGS"
+ my_library="mysqlclient"
+
AC_ARG_WITH([mysql], APR_HELP_STRING([--with-mysql=DIR], [enable MySQL DBD driver]),
[
if test "$withval" = "yes"; then
AC_PATH_PROG([MYSQL_CONFIG],[mysql_config])
+ if test "x$MYSQL_CONFIG" = "x"; then
+ AC_PATH_PROG([MYSQL_CONFIG],[mariadb_config])
+ fi
if test "x$MYSQL_CONFIG" != 'x'; then
mysql_CPPFLAGS="`$MYSQL_CONFIG --include`"
mysql_LDFLAGS="`$MYSQL_CONFIG --libs_r | sed -e 's/-l[[^ ]]\+//g'`"
@@ -174,32 +179,40 @@
APR_ADDTO(CPPFLAGS, [$mysql_CPPFLAGS])
APR_ADDTO(LIBS, [$mysql_LIBS])
+
+ if $MYSQL_CONFIG --libs_r | grep -q mariadb; then
+ my_library="mariadb"
+ fi
fi
- AC_CHECK_HEADERS([mysql.h my_global.h my_sys.h],
- AC_CHECK_LIB(mysqlclient, mysql_init, [apu_have_mysql=1]),
- [apu_have_mysql=0; break],
- [#include <my_global.h>])
- if test "$apu_have_mysql" = "0"; then
- AC_CHECK_HEADERS([mysql/mysql.h mysql/my_global.h mysql/my_sys.h],
- AC_CHECK_LIB(mysqlclient, mysql_init, [apu_have_mysql=1]),
- [apu_have_mysql=0; break],
- [#include <mysql/my_global.h>])
+ AC_CHECK_HEADERS([mysql.h errmsg.h], [apu_have_mysql=1], [apu_have_mysql=0; break])
+ if test "$apr_have_mysql" = "0"; then
+ AC_CHECK_HEADERS([mysql/mysql.h mysql/errmsg.h], [apu_have_mysql=1], [apu_have_mysql=0; break])
fi
- if test "$apu_have_mysql" != "0" && test "x$MYSQL_CONFIG" != 'x'; then
- APR_ADDTO(APRUTIL_PRIV_INCLUDES, [$mysql_CPPFLAGS])
+ if test "$apr_have_mysql" = "1"; then
+ AC_CHECK_HEADERS([my_global.h my_sys.h mysql/my_global.h mysql/my_sys.h])
+ AC_CHECK_LIB($my_library, mysql_init,, [apu_have_mysql=0])
+ fi
+ if test "$apu_have_mysql" = "1" && test "x$MYSQL_CONFIG" != 'x'; then
+ APR_ADDTO(APRUTIL_PRIV_INCLUDES, [$mysql_CPPFLAGS])
fi
elif test "$withval" = "no"; then
:
else
AC_PATH_PROG([MYSQL_CONFIG],[mysql_config],,[$withval/bin])
+ if test "x$MYSQL_CONFIG" = "x"; then
+ AC_PATH_PROG([MYSQL_CONFIG],[mariadb_config],,[$withval/bin])
+ fi
if test "x$MYSQL_CONFIG" != 'x'; then
- mysql_CPPFLAGS="`$MYSQL_CONFIG --include`"
- mysql_LDFLAGS="`$MYSQL_CONFIG --libs_r | sed -e 's/-l[[^ ]]\+//g'`"
- mysql_LIBS="`$MYSQL_CONFIG --libs_r`"
+ mysql_CPPFLAGS="`$MYSQL_CONFIG --include`"
+ mysql_LDFLAGS="`$MYSQL_CONFIG --libs_r | sed -e 's/-l[[^ ]]\+//g'`"
+ mysql_LIBS="`$MYSQL_CONFIG --libs_r`"
+ if $MYSQL_CONFIG --libs_r | grep -q mariadb; then
+ my_library="mariadb"
+ fi
else
- mysql_CPPFLAGS="-I$withval/include"
- mysql_LDFLAGS="-L$withval/lib "
+ mysql_CPPFLAGS="-I$withval/include"
+ mysql_LDFLAGS="-L$withval/lib "
fi
APR_ADDTO(CPPFLAGS, [$mysql_CPPFLAGS])
@@ -207,18 +220,15 @@
APR_ADDTO(LIBS, [$mysql_LIBS])
AC_MSG_NOTICE(checking for mysql in $withval)
- AC_CHECK_HEADERS([mysql.h my_global.h my_sys.h],
- AC_CHECK_LIB(mysqlclient, mysql_init, [apu_have_mysql=1]),
- [apu_have_mysql=0; break],
- [#include <my_global.h>])
-
- if test "$apu_have_mysql" != "1"; then
- AC_CHECK_HEADERS([mysql/mysql.h mysql/my_global.h mysql/my_sys.h],
- AC_CHECK_LIB(mysqlclient, mysql_init, [apu_have_mysql=1]),
- [apu_have_mysql=0; break],
- [#include <mysql/my_global.h>])
+ AC_CHECK_HEADERS([mysql.h errmsg.h], [apu_have_mysql=1], [apu_have_mysql=0; break])
+ if test "$apr_have_mysql" = "0"; then
+ AC_CHECK_HEADERS([mysql/mysql.h mysql/errmsg.h], [apu_have_mysql=1], [apu_have_mysql=0; break])
+ fi
+ if test "$apr_have_mysql" = "1"; then
+ AC_CHECK_HEADERS([my_global.h my_sys.h mysql/my_global.h mysql/my_sys.h])
+ AC_CHECK_LIB($my_library, mysql_init,, [apu_have_mysql=0])
fi
- if test "$apu_have_mysql" != "0"; then
+ if test "$apu_have_mysql" = "1"; then
APR_ADDTO(APRUTIL_PRIV_INCLUDES, [$mysql_CPPFLAGS])
fi
fi
@@ -229,7 +239,7 @@
dnl Since we have already done the AC_CHECK_LIB tests, if we have it,
dnl we know the library is there.
if test "$apu_have_mysql" = "1"; then
- APR_ADDTO(LDADD_dbd_mysql, [$mysql_LDFLAGS -lmysqlclient $mysql_LIBS])
+ APR_ADDTO(LDADD_dbd_mysql, [$mysql_LDFLAGS -l$my_library $mysql_LIBS])
fi
AC_SUBST(LDADD_dbd_mysql)
diff -ur a/dbd/apr_dbd_mysql.c b/dbd/apr_dbd_mysql.c
--- a/dbd/apr_dbd_mysql.c 2017-05-03 19:18:52.000000000 -0400
+++ b/dbd/apr_dbd_mysql.c 2017-09-13 19:15:20.894368809 -0400
@@ -1262,7 +1262,9 @@
static void dbd_mysql_init(apr_pool_t *pool)
{
+#if MYSQL_VERSION_ID < 100000
my_init();
+#endif
mysql_thread_init();
/* FIXME: this is a guess; find out what it really does */

BIN
apr-util-1.6.1.tar.bz2
View File

Binary file not shown.

BIN
apr-util-1.6.3.tar.bz2 Normal file
View File

Binary file not shown.

28
apr-util-Add-sw64-architecture.patch
View File

@ -1,28 +0,0 @@
From a84e910ee8c0991ee23da668f9e849da3b03ebed Mon Sep 17 00:00:00 2001
From: wzx <wuzx1226@qq.com>
Date: Thu, 24 Nov 2022 15:11:53 +0800
Subject: [PATCH] Add sw64 architecture
Add sw64 architecture in file crypto/crypt_blowfish.c according to alpha architecture to support sw64 architecture.
Signed-off-by: wzx <wuzx1226@qq.com>
---
crypto/crypt_blowfish.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/crypt_blowfish.c b/crypto/crypt_blowfish.c
index 3d306cf..c22b06b 100644
--- a/crypto/crypt_blowfish.c
+++ b/crypto/crypt_blowfish.c
@@ -56,7 +56,7 @@
#ifdef __i386__
#define BF_ASM 0
#define BF_SCALE 1
-#elif defined(__x86_64__) || defined(__alpha__) || defined(__hppa__)
+#elif defined(__x86_64__) || defined(__alpha__) || defined(__hppa__) || defined(__sw_64__)
#define BF_ASM 0
#define BF_SCALE 1
#else
--
2.33.0

15
apr-util.spec
View File

@ -1,21 +1,13 @@
%define apuver 1
Name: apr-util
Version: 1.6.1
Release: 14
Version: 1.6.3
Release: 1
Summary: apr-util provides a number of helpful abstractions on top of APR.
License: ASL 2.0
URL: http://apr.apache.org
Source0: http://www.apache.org/dist/apr/%{name}-%{version}.tar.bz2
Patch6000: Updated-patch-to-compile-apr-util-against-mariadb-10.patch
Patch6001: Merge-r1822315-from-trunk.patch
Patch6002: Fix-error-handling-in-gdbm.patch
Patch6003: Merge-r1834022-r1834023-r1834024-from-trunk.patch
Patch6004: Remove-dereference-of-null-pointer.patch
Patch6005: apr-util-Add-sw64-architecture.patch
Patch6006: backport-CVE-2022-25147-apr_base64-Make-sure-encoding-decoding-lengths-fit-i.patch
BuildRequires: gcc autoconf apr-devel >= 1.6.0 gdbm-devel expat-devel libuuid-devel
BuildRequires: mariadb-connector-c-devel sqlite-devel >= 3.1.0 openldap-devel openssl-devel
@ -125,6 +117,9 @@ make test
%{_libdir}/%{name}-%{apuver}/apr_dbd_odbc*
%changelog
* Sat Feb 3 2024 caixiaomeng <caixiaomeng2@huawei.com> - 1.6.3
- update to 1.6.3
* Tue Feb 14 2023 fuanan <fuanan3@h-partners.com> - 1.6.1-14
- Fix CVE-2022-25147

159
backport-CVE-2022-25147-apr_base64-Make-sure-encoding-decoding-lengths-fit-i.patch
View File

@ -1,159 +0,0 @@
From 850cc4f69639ac9f1c1c9767efaf4883ee3217ce Mon Sep 17 00:00:00 2001
From: Yann Ylavic <ylavic@apache.org>
Date: Thu, 23 Jun 2022 15:12:47 +0000
Subject: [PATCH] apr_base64: Make sure encoding/decoding lengths fit in an int
>= 0.
The (old) API of apr_base64 functions has always used int for representing
lengths and it does not return errors. Make sure to abort() if the provided
data don't fit.
* encoding/apr_base64.c():
#define APR_BASE64_ENCODE_MAX and APR_BASE64_DECODE_MAX as the hard length
limits for encoding and decoding respectively.
* encoding/apr_base64.c(apr_base64_encode_len, apr_base64_encode,
apr_base64_encode_binary, apr_pbase64_encode):
abort() if the given length is above APR_BASE64_ENCODE_MAX.
* encoding/apr_base64.c(apr_base64_decode_len, apr_base64_decode,
apr_base64_decode_binary, apr_pbase64_decode):
abort() if the given plain buffer length is above APR_BASE64_DECODE_MAX.
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1902206 13f79535-47bb-0310-9956-ffa450edef68
---
encoding/apr_base64.c | 46 ++++++++++++++++++++++++++-----------------
1 file changed, 28 insertions(+), 18 deletions(-)
diff --git a/encoding/apr_base64.c b/encoding/apr_base64.c
index b4b28cf75..f5c2786ad 100644
--- a/encoding/apr_base64.c
+++ b/encoding/apr_base64.c
@@ -20,11 +20,20 @@
* ugly 'len' functions, which is quite a nasty cost.
*/
+#undef NDEBUG /* always abort() on assert()ion failure */
+#include <assert.h>
+
#include "apr_base64.h"
#if APR_CHARSET_EBCDIC
#include "apr_xlate.h"
#endif /* APR_CHARSET_EBCDIC */
+/* Above APR_BASE64_ENCODE_MAX length the encoding can't fit in an int >= 0 */
+#define APR_BASE64_ENCODE_MAX 1610612733
+
+/* Above APR_BASE64_DECODE_MAX length the decoding can't fit in an int >= 0 */
+#define APR_BASE64_DECODE_MAX 2863311524u
+
/* aaaack but it's fast and const should make it shared text page. */
static const unsigned char pr2six[256] =
{
@@ -109,24 +118,22 @@ APU_DECLARE(apr_status_t) apr_base64init_ebcdic(apr_xlate_t *to_ascii,
APU_DECLARE(int) apr_base64_decode_len(const char *bufcoded)
{
- int nbytesdecoded;
register const unsigned char *bufin;
register apr_size_t nprbytes;
bufin = (const unsigned char *) bufcoded;
while (pr2six[*(bufin++)] <= 63);
-
nprbytes = (bufin - (const unsigned char *) bufcoded) - 1;
- nbytesdecoded = (((int)nprbytes + 3) / 4) * 3;
+ assert(nprbytes <= APR_BASE64_DECODE_MAX);
- return nbytesdecoded + 1;
+ return (int)(((nprbytes + 3u) / 4u) * 3u + 1u);
}
APU_DECLARE(int) apr_base64_decode(char *bufplain, const char *bufcoded)
{
#if APR_CHARSET_EBCDIC
apr_size_t inbytes_left, outbytes_left;
-#endif /* APR_CHARSET_EBCDIC */
+#endif /* APR_CHARSET_EBCDIC */
int len;
len = apr_base64_decode_binary((unsigned char *) bufplain, bufcoded);
@@ -154,12 +161,13 @@ APU_DECLARE(int) apr_base64_decode_binary(unsigned char *bufplain,
bufin = (const unsigned char *) bufcoded;
while (pr2six[*(bufin++)] <= 63);
nprbytes = (bufin - (const unsigned char *) bufcoded) - 1;
- nbytesdecoded = (((int)nprbytes + 3) / 4) * 3;
+ assert(nprbytes <= APR_BASE64_DECODE_MAX);
+ nbytesdecoded = (int)(((nprbytes + 3u) / 4u) * 3u);
bufout = (unsigned char *) bufplain;
bufin = (const unsigned char *) bufcoded;
- while (nprbytes > 4) {
+ while (nprbytes >= 4) {
*(bufout++) =
(unsigned char) (pr2six[*bufin] << 2 | pr2six[bufin[1]] >> 4);
*(bufout++) =
@@ -179,13 +187,8 @@ APU_DECLARE(int) apr_base64_decode_binary(unsigned char *bufplain,
*(bufout++) =
(unsigned char) (pr2six[bufin[1]] << 4 | pr2six[bufin[2]] >> 2);
}
- if (nprbytes > 3) {
- *(bufout++) =
- (unsigned char) (pr2six[bufin[2]] << 6 | pr2six[bufin[3]]);
- }
- nbytesdecoded -= (4 - (int)nprbytes) & 3;
- return nbytesdecoded;
+ return nbytesdecoded - (int)((4u - nprbytes) & 3u);
}
static const char basis_64[] =
@@ -203,6 +206,8 @@ static const char basis_64[] =
APU_DECLARE(int) apr_base64_encode_len(int len)
{
+ assert(len >= 0 && len <= APR_BASE64_ENCODE_MAX);
+
return ((len + 2) / 3 * 4) + 1;
}
@@ -214,6 +219,8 @@ APU_DECLARE(int) apr_base64_encode(char *encoded, const char *string, int len)
int i;
char *p;
+ assert(len >= 0 && len <= APR_BASE64_ENCODE_MAX);
+
p = encoded;
for (i = 0; i < len - 2; i += 3) {
*p++ = basis_64[(os_toascii[string[i]] >> 2) & 0x3F];
@@ -238,7 +245,7 @@ APU_DECLARE(int) apr_base64_encode(char *encoded, const char *string, int len)
}
*p++ = '\0';
- return p - encoded;
+ return (unsigned int)(p - encoded);
#endif /* APR_CHARSET_EBCDIC */
}
@@ -251,6 +258,8 @@ APU_DECLARE(int) apr_base64_encode_binary(char *encoded,
int i;
char *p;
+ assert(len >= 0 && len <= APR_BASE64_ENCODE_MAX);
+
p = encoded;
for (i = 0; i < len - 2; i += 3) {
*p++ = basis_64[(string[i] >> 2) & 0x3F];
@@ -275,5 +284,5 @@ APU_DECLARE(int) apr_base64_encode_binary(char *encoded,
}
*p++ = '\0';
- return (int)(p - encoded);
+ return (unsigned int)(p - encoded);
}
--
2.27.0