backport properly cleanup XML parser contexts upon completion

From: Vladimir Krivopalov <vlkrivop@microsoft.com> Signed-off-by: Guangzhong Yao <yaoguangzhong@xfusion.com>
2023-01-06 20:05:03 +08:00 · 2023-01-06 20:05:03 +08:00 · e7266bde00
commit e7266bde00
parent d1cc21c9f7
2 changed files with 41 additions and 1 deletions
--- a/mod_security.spec
+++ b/mod_security.spec
@ -7,7 +7,7 @@

 Name: mod_security
 Version: 2.9.5
-Release: 3
+Release: 4
 Summary: Security module for the Apache HTTP Server
 License: ASL 2.0
 URL: http://www.modsecurity.org/
@ -17,6 +17,7 @@ Source2: 10-mod_security.conf
 Source3: modsecurity_localrules.conf
 Patch0000: modsecurity-2.9.5-lua-54.patch
 Patch0001: modsecurity-2.9.5-use-uid-if-user-name-is-not-available.patch
+Patch0002: modsecurity-2.9.5-Properly-cleanup-XML-parser-contexts-upon-completion.patch

 Requires: httpd httpd-mmn = %{_httpd_mmn}
 BuildRequires: gcc make perl-generators httpd-devel yajl yajl-devel
@ -99,6 +100,9 @@ install -m0755 mlogc/mlogc-batch-load.pl %{buildroot}%{_bindir}/mlogc-batch-load
 %endif

 %changelog
+* Fri Jan 6 2023 yaoguangzhong <yaoguangzhong@xfusion.com> - 2.9.5-4
+- backport properly cleanup XML parser contexts upon completion
+
 * Fri Jan 6 2023 yaoguangzhong <yaoguangzhong@xfusion.com> - 2.9.5-3
 - backport use uid if user name is not available

--- a/modsecurity-2.9.5-Properly-cleanup-XML-parser-contexts-upon-completion.patch
+++ b/modsecurity-2.9.5-Properly-cleanup-XML-parser-contexts-upon-completion.patch
@ -0,0 +1,36 @@
+From 6a5ec1ff7bd5a4a653da417f9a49a50cf5b2429d Mon Sep 17 00:00:00 2001
+From: Vladimir Krivopalov <vlkrivop@microsoft.com>
+Date: Mon, 13 Jan 2020 16:36:09 -0800
+Subject: [PATCH] Properly cleanup XML parser contexts upon completion
+
+It is currently possible that the XML parsing context is not properly
+cleaned up if a parsed XML document is malformed.
+
+This fix makes sure that the context is taken care of.
+
+Signed-off-by: Vladimir Krivopalov <vlkrivop@microsoft.com>
+---
+ apache2/msc_xml.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/apache2/msc_xml.c b/apache2/msc_xml.c
+index a31decb5..9cc4da65 100644
+--- a/apache2/msc_xml.c
+++ b/apache2/msc_xml.c
+@@ -137,6 +137,13 @@ int xml_complete(modsec_rec *msr, char **error_msg) {
+  * Frees the resources used for XML parsing.
+  */
+ apr_status_t xml_cleanup(modsec_rec *msr) {
+    if (msr->xml->parsing_ctx != NULL) {
+        if (msr->xml->parsing_ctx->myDoc) {
+            xmlFreeDoc(msr->xml->parsing_ctx->myDoc);
+        }
+        xmlFreeParserCtxt(msr->xml->parsing_ctx);
+        msr->xml->parsing_ctx = NULL;
+    }
+     if (msr->xml->doc != NULL) {
+         xmlFreeDoc(msr->xml->doc);
+         msr->xml->doc = NULL;
+-- 
+2.27.0
+