!20 fix CVE-2022-37797

From: @cenhuilin Reviewed-by: @seuzw Signed-off-by: @seuzw
2022-09-15 02:18:18 +00:00 · 2022-09-15 02:18:18 +00:00 · ab99ce4241
commit ab99ce4241
parent 43884232ed f130c95ba3
2 changed files with 37 additions and 1 deletions
--- a/CVE-2022-37797.patch
+++ b/CVE-2022-37797.patch
@ -0,0 +1,31 @@
+From a8f7ea10802f6363146e11e2552177bc1e5a6e12 Mon Sep 17 00:00:00 2001
+From: Glenn Strauss <gstrauss@gluelogic.com>
+Date: Tue, 13 Sep 2022 05:51:02 +0000
+Subject: [PATCH] [mod_wstunnel] fix crash with bad hybivers (fixes #3165)
+
+x-ref:
+  "mod_wstunnel null pointer dereference"
+  https://redmine.lighttpd.net/issues/3165
+---
+ src/mod_wstunnel.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/mod_wstunnel.c b/src/mod_wstunnel.c
+index 6d17d4d..97b89f0 100644
+--- a/src/mod_wstunnel.c
+++ b/src/mod_wstunnel.c
+@@ -483,7 +483,10 @@ static handler_t wstunnel_handler_setup (request_st * const r, plugin_data * con
+     hctx->errh = r->conf.errh;/*(for mod_wstunnel-specific DEBUG_* macros)*/
+     hctx->conf = p->conf; /*(copies struct)*/
+     hybivers = wstunnel_check_request(r, hctx);
+-    if (hybivers < 0) return HANDLER_FINISHED;
+    if (hybivers < 0) {
+        r->handler_module = NULL;
+        return HANDLER_FINISHED;
+    }
+     hctx->hybivers = hybivers;
+     if (0 == hybivers) {
+         DEBUG_LOG_INFO("WebSocket Version = %s", "hybi-00");
+-- 
+2.33.0
+
--- a/lighttpd.spec
+++ b/lighttpd.spec
@ -20,7 +20,7 @@
 Summary:             Lightning fast webserver with light system requirements
 Name:                lighttpd
 Version:             1.4.63
-Release:             4
+Release:             5
 License:             BSD-3-Clause and OML and GPLv3 and GPLv2
 URL:                 https://github.com/lighttpd/lighttpd1.4
 Source0:             http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-%{version}.tar.gz
@ -32,6 +32,7 @@ Patch0:              lighttpd-1.4.62-defaultconf.patch
 Patch1:              make-setrlimit-warn-not-fatal.patch
 Patch2:              fix-loading-mod_auth-after-dynamic-modules.patch
 Patch3:              CVE-2022-22707.patch
+Patch4:              CVE-2022-37797.patch
 Requires:            %{name}-filesystem
 %if %{with systemd}
 Requires(post):      systemd
@ -112,6 +113,7 @@ for the directories.
 %patch1 -p1 -b .setrlimit
 %patch2 -p1 -b .fixtrace
 %patch3 -p1
+%patch4 -p1

 %build
 autoreconf -if
@ -258,6 +260,9 @@ fi
 %attr(0700, lighttpd, lighttpd) %dir %{webroot}/

 %changelog
+* Tue Sep 13 2022 cenhuilin <cenhuilin@kylinos.cn> - 1.4.63-5
+- Fix CVE-2022-37797
+
 * Fri Mar 11 2022 baizhonggui <baizhonggui@huawei.com> - 1.4.63-4
 - Modify var.state_dir path from /etc/lighttpd/lighttpd.conf in lighttpd-1.4.62-defaultconf.patch