fix CVE-2018-17199
This commit is contained in:
daidai_is_here
parent
612ba80bca
commit
3d34f251cb
85
CVE-2018-17199.patch
Normal file
85
CVE-2018-17199.patch
Normal file
@ -0,0 +1,85 @@
|
|||||||
|
From 34f58ae20d9a85f2a1508a9a732874239491d456 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Hank Ibell <hwibell@apache.org>
|
||||||
|
Date: Tue, 15 Jan 2019 19:54:41 +0000
|
||||||
|
Subject: [PATCH] mod_session: Always decode session attributes early.
|
||||||
|
|
||||||
|
Backport r1850947 from trunk
|
||||||
|
Submitted by: hwibell
|
||||||
|
Reviewed by: hwibell, covener, wrowe
|
||||||
|
|
||||||
|
|
||||||
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1851409 13f79535-47bb-0310-9956-ffa450edef68
|
||||||
|
---
|
||||||
|
CHANGES | 2 ++
|
||||||
|
STATUS | 5 -----
|
||||||
|
modules/session/mod_session.c | 25 ++++++++++++++-----------
|
||||||
|
3 files changed, 16 insertions(+), 16 deletions(-)
|
||||||
|
|
||||||
|
#diff --git a/CHANGES b/CHANGES
|
||||||
|
#index c4d9f6c2ea8..4b0a07fdcf5 100644
|
||||||
|
#--- a/CHANGES
|
||||||
|
#+++ b/CHANGES
|
||||||
|
#@@ -9,6 +9,8 @@ Changes with Apache 2.4.38
|
||||||
|
# and we should just set the value for the environment variable
|
||||||
|
# like in the pattern case. [Ruediger Pluem]
|
||||||
|
#
|
||||||
|
#+ *) mod_session: Always decode session attributes early. [Hank Ibell]
|
||||||
|
#+
|
||||||
|
# *) core: Incorrect values for environment variables are substituted when
|
||||||
|
# multiple environment variables are specified in a directive. [Hank Ibell]
|
||||||
|
#
|
||||||
|
#diff --git a/STATUS b/STATUS
|
||||||
|
#index 00070f9f247..45a92ba4d81 100644
|
||||||
|
#--- a/STATUS
|
||||||
|
#+++ b/STATUS
|
||||||
|
#@@ -125,11 +125,6 @@ RELEASE SHOWSTOPPERS:
|
||||||
|
# PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
|
||||||
|
# [ start all new proposals below, under PATCHES PROPOSED. ]
|
||||||
|
#
|
||||||
|
#- *) mod_session: Always decode session attributes early.
|
||||||
|
#- trunk patch: http://svn.apache.org/r1850947
|
||||||
|
#- 2.4.x patch: svn merge -c 1850947 ^/httpd/httpd/trunk .
|
||||||
|
#- +1: hwibell, covener, wrowe
|
||||||
|
#-
|
||||||
|
# *) mod_ssl (ssl_engine_io.c: bio_filter_out_write, bio_filter_in_read)
|
||||||
|
# Clear retry flags before aborting on client-initiated reneg. [Joe Orton]
|
||||||
|
# PR: 63052
|
||||||
|
diff --git a/modules/session/mod_session.c b/modules/session/mod_session.c
|
||||||
|
index d517020d995..64e6e4a8132 100644
|
||||||
|
--- a/modules/session/mod_session.c
|
||||||
|
+++ b/modules/session/mod_session.c
|
||||||
|
@@ -126,20 +126,23 @@ static apr_status_t ap_session_load(request_rec * r, session_rec ** z)
|
||||||
|
|
||||||
|
/* found a session that hasn't expired? */
|
||||||
|
now = apr_time_now();
|
||||||
|
+
|
||||||
|
if (zz) {
|
||||||
|
- if (zz->expiry && zz->expiry < now) {
|
||||||
|
+ /* load the session attibutes */
|
||||||
|
+ rv = ap_run_session_decode(r, zz);
|
||||||
|
+
|
||||||
|
+ /* having a session we cannot decode is just as good as having
|
||||||
|
+ none at all */
|
||||||
|
+ if (OK != rv) {
|
||||||
|
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01817)
|
||||||
|
+ "error while decoding the session, "
|
||||||
|
+ "session not loaded: %s", r->uri);
|
||||||
|
zz = NULL;
|
||||||
|
}
|
||||||
|
- else {
|
||||||
|
- /* having a session we cannot decode is just as good as having
|
||||||
|
- none at all */
|
||||||
|
- rv = ap_run_session_decode(r, zz);
|
||||||
|
- if (OK != rv) {
|
||||||
|
- ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01817)
|
||||||
|
- "error while decoding the session, "
|
||||||
|
- "session not loaded: %s", r->uri);
|
||||||
|
- zz = NULL;
|
||||||
|
- }
|
||||||
|
+
|
||||||
|
+ /* invalidate session if session is expired */
|
||||||
|
+ if (zz && zz->expiry && zz->expiry < now) {
|
||||||
|
+ zz = NULL;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
@ -8,7 +8,7 @@
|
|||||||
Name: httpd
|
Name: httpd
|
||||||
Summary: Apache HTTP Server
|
Summary: Apache HTTP Server
|
||||||
Version: 2.4.34
|
Version: 2.4.34
|
||||||
Release: 14
|
Release: 15
|
||||||
License: ASL 2.0
|
License: ASL 2.0
|
||||||
URL: https://httpd.apache.org/
|
URL: https://httpd.apache.org/
|
||||||
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
|
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
|
||||||
@ -97,6 +97,7 @@ Patch6022: CVE-2018-17189.patch
|
|||||||
Patch6023: CVE-2019-0220-1.patch
|
Patch6023: CVE-2019-0220-1.patch
|
||||||
Patch6024: CVE-2019-0220-2.patch
|
Patch6024: CVE-2019-0220-2.patch
|
||||||
Patch6025: CVE-2019-0220-3.patch
|
Patch6025: CVE-2019-0220-3.patch
|
||||||
|
Patch6026: CVE-2018-17199.patch
|
||||||
|
|
||||||
Patch9000: layout_add_openEuler.patch
|
Patch9000: layout_add_openEuler.patch
|
||||||
|
|
||||||
@ -535,6 +536,12 @@ exit $rv
|
|||||||
%{_rpmconfigdir}/macros.d/macros.httpd
|
%{_rpmconfigdir}/macros.d/macros.httpd
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Feb 03 2020 yanzhihua <yanzhihua4@huawei.com> - 2.4.34-15
|
||||||
|
- Type:cves
|
||||||
|
- ID:CVE-2018-17199
|
||||||
|
- SUG:NA
|
||||||
|
- DESC:fix CVE-2018-17199
|
||||||
|
|
||||||
* Sun Jan 19 2020 openEuler Buildteam <buildteam@openeuler.org> - 2.4.34-14
|
* Sun Jan 19 2020 openEuler Buildteam <buildteam@openeuler.org> - 2.4.34-14
|
||||||
- Type:bugfix
|
- Type:bugfix
|
||||||
- ID:NA
|
- ID:NA
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user