!30 fix CVE-2020-13950 CVE-2020-35452
From: @yangl777 Reviewed-by: @wangxp006 Signed-off-by: @wangxp006
This commit is contained in:
openeuler-ci-bot
Gitee
commit
fc064f1bd3
36
CVE-2020-13950.patch
Normal file
36
CVE-2020-13950.patch
Normal file
@ -0,0 +1,36 @@
|
|||||||
|
From 8c162db8b65b2193e622b780e8c6516d4265f68b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Yann Ylavic <ylavic@apache.org>
|
||||||
|
Date: Mon, 11 May 2015 15:48:58 +0000
|
||||||
|
Subject: [PATCH] mod_proxy_http: follow up to r1656259. The proxy connection
|
||||||
|
may be NULL during prefetch, don't try to dereference it! Still
|
||||||
|
origin->keepalive will be set according to p_conn->close by the caller
|
||||||
|
(proxy_http_handler).
|
||||||
|
|
||||||
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1678771 13f79535-47bb-0310-9956-ffa450edef68
|
||||||
|
---
|
||||||
|
modules/proxy/mod_proxy_http.c | 2 --
|
||||||
|
1 file changed, 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c
|
||||||
|
index 044bfcd..4a5b851 100644
|
||||||
|
--- a/modules/proxy/mod_proxy_http.c
|
||||||
|
+++ b/modules/proxy/mod_proxy_http.c
|
||||||
|
@@ -577,7 +577,6 @@ static int ap_proxy_http_prefetch(proxy_http_req_t *req,
|
||||||
|
apr_off_t bytes;
|
||||||
|
int force10, rv;
|
||||||
|
apr_read_type_e block;
|
||||||
|
- conn_rec *origin = p_conn->connection;
|
||||||
|
|
||||||
|
if (apr_table_get(r->subprocess_env, "force-proxy-request-1.0")) {
|
||||||
|
if (req->expecting_100) {
|
||||||
|
@@ -637,7 +636,6 @@ static int ap_proxy_http_prefetch(proxy_http_req_t *req,
|
||||||
|
"chunked body with Content-Length (C-L ignored)",
|
||||||
|
c->client_ip, c->remote_host ? c->remote_host: "");
|
||||||
|
req->old_cl_val = NULL;
|
||||||
|
- origin->keepalive = AP_CONN_CLOSE;
|
||||||
|
p_conn->close = 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
||||||
38
CVE-2020-35452.patch
Normal file
38
CVE-2020-35452.patch
Normal file
@ -0,0 +1,38 @@
|
|||||||
|
From 3b6431eb9c9dba603385f70a2131ab4a01bf0d3b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Yann Ylavic <ylavic@apache.org>
|
||||||
|
Date: Mon, 18 Jan 2021 17:39:12 +0000
|
||||||
|
Subject: [PATCH] Merge r1885659 from trunk:
|
||||||
|
|
||||||
|
mod_auth_digest: Fast validation of the nonce's base64 to fail early if
|
||||||
|
the format can't match anyway.
|
||||||
|
|
||||||
|
Submitted by: ylavic
|
||||||
|
Reviewed by: ylavic, covener, jailletc36
|
||||||
|
|
||||||
|
|
||||||
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1885666 13f79535-47bb-0310-9956-ffa450edef68
|
||||||
|
---
|
||||||
|
modules/aaa/mod_auth_digest.c | 9 +++++++--
|
||||||
|
1 files changed, 7 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/modules/aaa/mod_auth_digest.c b/modules/aaa/mod_auth_digest.c
|
||||||
|
index 1b5a204278f..d126387cc7f 100644
|
||||||
|
--- a/modules/aaa/mod_auth_digest.c
|
||||||
|
+++ b/modules/aaa/mod_auth_digest.c
|
||||||
|
@@ -1426,9 +1426,14 @@ static int check_nonce(request_rec *r, digest_header_rec *resp,
|
||||||
|
time_rec nonce_time;
|
||||||
|
char tmp, hash[NONCE_HASH_LEN+1];
|
||||||
|
|
||||||
|
- if (strlen(resp->nonce) != NONCE_LEN) {
|
||||||
|
+ /* Since the time part of the nonce is a base64 encoding of an
|
||||||
|
+ * apr_time_t (8 bytes), it should end with a '=', fail early otherwise.
|
||||||
|
+ */
|
||||||
|
+ if (strlen(resp->nonce) != NONCE_LEN
|
||||||
|
+ || resp->nonce[NONCE_TIME_LEN - 1] != '=') {
|
||||||
|
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01775)
|
||||||
|
- "invalid nonce %s received - length is not %d",
|
||||||
|
+ "invalid nonce '%s' received - length is not %d "
|
||||||
|
+ "or time encoding is incorrect",
|
||||||
|
resp->nonce, NONCE_LEN);
|
||||||
|
note_digest_auth_failure(r, conf, resp, 1);
|
||||||
|
return HTTP_UNAUTHORIZED;
|
||||||
10
httpd.spec
10
httpd.spec
@ -8,7 +8,7 @@
|
|||||||
Name: httpd
|
Name: httpd
|
||||||
Summary: Apache HTTP Server
|
Summary: Apache HTTP Server
|
||||||
Version: 2.4.46
|
Version: 2.4.46
|
||||||
Release: 2
|
Release: 3
|
||||||
License: ASL 2.0
|
License: ASL 2.0
|
||||||
URL: https://httpd.apache.org/
|
URL: https://httpd.apache.org/
|
||||||
Source0: https://archive.apache.org/dist/httpd/httpd-%{version}.tar.bz2
|
Source0: https://archive.apache.org/dist/httpd/httpd-%{version}.tar.bz2
|
||||||
@ -71,6 +71,8 @@ Patch17: httpd-2.4.43-r1861793+.patch
|
|||||||
Patch18: httpd-2.4.43-r1828172+.patch
|
Patch18: httpd-2.4.43-r1828172+.patch
|
||||||
Patch19: httpd-2.4.46-htcacheclean-dont-break.patch
|
Patch19: httpd-2.4.46-htcacheclean-dont-break.patch
|
||||||
Patch20: CVE-2021-26691.patch
|
Patch20: CVE-2021-26691.patch
|
||||||
|
Patch21: CVE-2020-13950.patch
|
||||||
|
Patch22: CVE-2020-35452.patch
|
||||||
|
|
||||||
BuildRequires: gcc autoconf pkgconfig findutils xmlto perl-interpreter perl-generators systemd-devel
|
BuildRequires: gcc autoconf pkgconfig findutils xmlto perl-interpreter perl-generators systemd-devel
|
||||||
BuildRequires: zlib-devel libselinux-devel lua-devel brotli-devel
|
BuildRequires: zlib-devel libselinux-devel lua-devel brotli-devel
|
||||||
@ -503,6 +505,12 @@ exit $rv
|
|||||||
%{_rpmconfigdir}/macros.d/macros.httpd
|
%{_rpmconfigdir}/macros.d/macros.httpd
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Jun 21 2021 yanglu <yanglu72@huawei.com> - 2.4.46-3
|
||||||
|
- Type:cves
|
||||||
|
- ID:CVE-2020-13950 CVE-2020-35452
|
||||||
|
- SUG:NA
|
||||||
|
- DESC:fix CVE-2020-13950 CVE-2020-35452
|
||||||
|
|
||||||
* Wed Jun 16 2021 yanglu <yanglu72@huawei.com> - 2.4.46-2
|
* Wed Jun 16 2021 yanglu <yanglu72@huawei.com> - 2.4.46-2
|
||||||
- Type:cves
|
- Type:cves
|
||||||
- ID:CVE-2021-26691
|
- ID:CVE-2021-26691
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user