From 10a509424e45e9b90207ed15d24c02922a1ba984 Mon Sep 17 00:00:00 2001 From: linwei9 <595019852@qq.com> Date: Wed, 24 Jun 2020 17:31:17 +0800 Subject: [PATCH] fix CVE-2017-12613 --- ...an-readable-date-fields-credit-Stefa.patch | 53 +++++++++++++++++++ apr.spec | 19 ++++--- 2 files changed, 66 insertions(+), 6 deletions(-) create mode 100644 Bounds-check-human-readable-date-fields-credit-Stefa.patch diff --git a/Bounds-check-human-readable-date-fields-credit-Stefa.patch b/Bounds-check-human-readable-date-fields-credit-Stefa.patch new file mode 100644 index 0000000..f703ffd --- /dev/null +++ b/Bounds-check-human-readable-date-fields-credit-Stefa.patch @@ -0,0 +1,53 @@ +From ad958385a4180d7a83d90589689fcd36e3bbc57a Mon Sep 17 00:00:00 2001 +From: Nick Kew +Date: Sun, 10 Sep 2017 22:30:14 +0000 +Subject: [PATCH] Bounds-check human-readable date fields (credit: Stefan + Sperling) + +git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1807975 13f79535-47bb-0310-9956-ffa450edef68 +--- + time/unix/time.c | 3 +++ + time/win32/time.c | 6 ++++++ + 2 files changed, 9 insertions(+) + +diff --git a/time/unix/time.c b/time/unix/time.c +index dfa45e6..7f09581 100644 +--- a/time/unix/time.c ++++ b/time/unix/time.c +@@ -142,6 +142,9 @@ APR_DECLARE(apr_status_t) apr_time_exp_get(apr_time_t *t, apr_time_exp_t *xt) + static const int dayoffset[12] = + {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275}; + ++ if (xt->tm_mon < 0 || xt->tm_mon >= 12) ++ return APR_EBADDATE; ++ + /* shift new year to 1st March in order to make leap year calc easy */ + + if (xt->tm_mon < 2) +diff --git a/time/win32/time.c b/time/win32/time.c +index 2349799..1a70544 100644 +--- a/time/win32/time.c ++++ b/time/win32/time.c +@@ -54,6 +54,9 @@ static void SystemTimeToAprExpTime(apr_time_exp_t *xt, SYSTEMTIME *tm) + static const int dayoffset[12] = + {0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334}; + ++ if (tm->wMonth < 1 || tm->wMonth > 12) ++ return APR_EBADDATE; ++ + /* Note; the caller is responsible for filling in detailed tm_usec, + * tm_gmtoff and tm_isdst data when applicable. + */ +@@ -224,6 +227,9 @@ APR_DECLARE(apr_status_t) apr_time_exp_get(apr_time_t *t, + static const int dayoffset[12] = + {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275}; + ++ if (xt->tm_mon < 0 || xt->tm_mon >= 12) ++ return APR_EBADDATE; ++ + /* shift new year to 1st March in order to make leap year calc easy */ + + if (xt->tm_mon < 2) +-- +1.8.3.1 + diff --git a/apr.spec b/apr.spec index 025e3ae..2555b1b 100644 --- a/apr.spec +++ b/apr.spec @@ -2,7 +2,7 @@ Name: apr Version: 1.6.5 -Release: 4 +Release: 5 Summary: Apache Portable Runtime. License: ASL 2.0 and BSD with advertising and ISC and BSD URL: http://apr.apache.org @@ -12,11 +12,12 @@ Source1: apr-wrapper.h Patch0: apr-1.2.2-libdir.patch Patch1: apr-1.2.7-pkgconf.patch -Patch6000: Merge-r1834494-from-trunk.patch -Patch6001: test-testlock.c-test_timeoutcond-Increase-fudge-fact.patch -Patch6002: Split-apr_pool_check_integrity-into-two-parts.patch -Patch6003: Pool-debugging-fixes.patch -Patch6004: Fix-pool-debugging-output-so-that-creation-events-ar.patch +Patch0000: Merge-r1834494-from-trunk.patch +Patch0001: test-testlock.c-test_timeoutcond-Increase-fudge-fact.patch +Patch0002: Split-apr_pool_check_integrity-into-two-parts.patch +Patch0003: Pool-debugging-fixes.patch +Patch0004: Fix-pool-debugging-output-so-that-creation-events-ar.patch +Patch0005: Bounds-check-human-readable-date-fields-credit-Stefa.patch BuildRequires: gcc autoconf libtool libuuid-devel python3 lksctp-tools-devel @@ -100,6 +101,12 @@ make check %doc docs/incomplete_types docs/non_apr_programs %changelog +* Wed Jun 24 2020 linwei - 1.6.5-5 +- Type: cves +- ID: CVE-2017-12613 +- SUG: restart +- DESC: fix CVE-2017-12613 + * Tue Dec 17 2019 openEuler Buildteam - 1.6.5-4 - quality enhancement synchronization github patch