packages/httpd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!35 fix CVE-2021-30641

Browse Source 
From: @eaglegai
Reviewed-by: @wangxp006
Signed-off-by: @wangxp006
This commit is contained in:
openeuler-ci-bot 2021-06-23 02:29:24 +00:00 committed by Gitee
commit 02cb835d25
2 changed files with 70 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
CVE-2021-30641.patch Normal file
View File

@ -0,0 +1,62 @@
From eb986059aa5aa0b6c1d52714ea83e3dd758afdd1 Mon Sep 17 00:00:00 2001
From: Eric Covener <covener@apache.org>
Date: Wed, 21 Apr 2021 01:10:12 +0000
Subject: [PATCH] Merge r1889036 from trunk:
legacy default slash-matching behavior w/ 'MergeSlashes OFF'
Submitted By: Ruediger Pluem
Reviewed By: covener, rpluem, ylavic
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1889038 13f79535-47bb-0310-9956-ffa450edef68
---
server/request.c | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/server/request.c b/server/request.c
index 0f150a763d6..299eae04d3f 100644
--- a/server/request.c
+++ b/server/request.c
@@ -1420,7 +1420,20 @@ AP_DECLARE(int) ap_location_walk(request_rec *r)
cache = prep_walk_cache(AP_NOTE_LOCATION_WALK, r);
cached = (cache->cached != NULL);
- entry_uri = r->uri;
+
+ /*
+ * When merge_slashes is set to AP_CORE_CONFIG_OFF the slashes in r->uri
+ * have not been merged. But for Location walks we always go with merged
+ * slashes no matter what merge_slashes is set to.
+ */
+ if (sconf->merge_slashes != AP_CORE_CONFIG_OFF) {
+ entry_uri = r->uri;
+ }
+ else {
+ char *uri = apr_pstrdup(r->pool, r->uri);
+ ap_no2slash(uri);
+ entry_uri = uri;
+ }
/* If we have an cache->cached location that matches r->uri,
* and the vhost's list of locations hasn't changed, we can skip
@@ -1488,7 +1501,7 @@ AP_DECLARE(int) ap_location_walk(request_rec *r)
pmatch = apr_palloc(rxpool, nmatch*sizeof(ap_regmatch_t));
}
- if (ap_regexec(entry_core->r, entry_uri, nmatch, pmatch, 0)) {
+ if (ap_regexec(entry_core->r, r->uri, nmatch, pmatch, 0)) {
continue;
}
@@ -1498,7 +1511,7 @@ AP_DECLARE(int) ap_location_walk(request_rec *r)
apr_table_setn(r->subprocess_env,
((const char **)entry_core->refs->elts)[i],
apr_pstrndup(r->pool,
- entry_uri + pmatch[i].rm_so,
+ r->uri + pmatch[i].rm_so,
pmatch[i].rm_eo - pmatch[i].rm_so));
}
}

9
httpd.spec
View File

@ -8,7 +8,7 @@
Name: httpd Name: httpd
Summary: Apache HTTP Server Summary: Apache HTTP Server
Version: 2.4.46 Version: 2.4.46
Release: 3 Release: 4
License: ASL 2.0 License: ASL 2.0
URL: https://httpd.apache.org/ URL: https://httpd.apache.org/
Source0: https://archive.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source0: https://archive.apache.org/dist/httpd/httpd-%{version}.tar.bz2
@ -73,6 +73,7 @@ Patch19: httpd-2.4.46-htcacheclean-dont-break.patch
Patch20: CVE-2021-26691.patch Patch20: CVE-2021-26691.patch
Patch21: CVE-2020-13950.patch Patch21: CVE-2020-13950.patch
Patch22: CVE-2020-35452.patch Patch22: CVE-2020-35452.patch
Patch23: CVE-2021-30641.patch
BuildRequires: gcc autoconf pkgconfig findutils xmlto perl-interpreter perl-generators systemd-devel BuildRequires: gcc autoconf pkgconfig findutils xmlto perl-interpreter perl-generators systemd-devel
BuildRequires: zlib-devel libselinux-devel lua-devel brotli-devel BuildRequires: zlib-devel libselinux-devel lua-devel brotli-devel
@ -505,6 +506,12 @@ exit $rv
%{_rpmconfigdir}/macros.d/macros.httpd %{_rpmconfigdir}/macros.d/macros.httpd
%changelog %changelog
* Tue Jun 22 2021 gaihuiying <gaihuiying1@huawei.com> - 2.4.46-4
- Type:cves
- ID:CVE-2021-30641
- SUG:NA
- DESC:fix CVE-2021-30641
* Mon Jun 21 2021 yanglu <yanglu72@huawei.com> - 2.4.46-3 * Mon Jun 21 2021 yanglu <yanglu72@huawei.com> - 2.4.46-3
- Type:cves - Type:cves
- ID:CVE-2020-13950 CVE-2020-35452 - ID:CVE-2020-13950 CVE-2020-35452