Fix CVE-2022-23959
This commit is contained in:
starlet-dx
parent
e1fdc553a5
commit
36c150c07f
28
CVE-2022-23959.patch
Normal file
28
CVE-2022-23959.patch
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
From fceaefd4d59a3b5d5a4903a3f420e35eb430d0d4 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Martin Blix Grydeland <martin@varnish-software.com>
|
||||||
|
Date: Fri, 17 Dec 2021 22:10:16 +0100
|
||||||
|
Subject: [PATCH] Mark req doclose when failing to ignore req body
|
||||||
|
|
||||||
|
Previously we would ignore errors to iterate the request body into
|
||||||
|
oblivion in VRB_Ignore(), keeping the connection open. This opens an
|
||||||
|
out-of-sync vulnerability on H/1 connections.
|
||||||
|
|
||||||
|
This patch tests the status of the request body in VRB_Ignore(), marking
|
||||||
|
the request failed and that it should be closed on errors.
|
||||||
|
---
|
||||||
|
bin/varnishd/cache/cache_req_body.c | 2 ++
|
||||||
|
1 file changed, 2 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/bin/varnishd/cache/cache_req_body.c b/bin/varnishd/cache/cache_req_body.c
|
||||||
|
index 6391f928d6..5ffd08b77d 100644
|
||||||
|
--- a/bin/varnishd/cache/cache_req_body.c
|
||||||
|
+++ b/bin/varnishd/cache/cache_req_body.c
|
||||||
|
@@ -254,6 +254,8 @@ VRB_Ignore(struct req *req)
|
||||||
|
if (req->req_body_status->avail > 0)
|
||||||
|
(void)VRB_Iterate(req->wrk, req->vsl, req,
|
||||||
|
httpq_req_body_discard, NULL);
|
||||||
|
+ if (req->req_body_status == BS_ERROR)
|
||||||
|
+ req->doclose = SC_RX_BODY;
|
||||||
|
return (0);
|
||||||
|
}
|
||||||
|
|
||||||
@ -1,7 +1,7 @@
|
|||||||
Name: varnish
|
Name: varnish
|
||||||
Summary: A web application accelerator
|
Summary: A web application accelerator
|
||||||
Version: 7.0.1
|
Version: 7.0.1
|
||||||
Release: 1
|
Release: 2
|
||||||
License: BSD
|
License: BSD
|
||||||
URL: https://www.varnish-cache.org/
|
URL: https://www.varnish-cache.org/
|
||||||
Source0: http://varnish-cache.org/_downloads/varnish-%{version}.tgz
|
Source0: http://varnish-cache.org/_downloads/varnish-%{version}.tgz
|
||||||
@ -10,6 +10,8 @@ Source0: http://varnish-cache.org/_downloads/varnish-%{version}.tgz
|
|||||||
Source1: https://github.com/varnishcache/pkg-varnish-cache/archive/0ad2f22629c4a368959c423a19e352c9c6c79682/pkg-varnish-cache-0ad2f22.tar.gz
|
Source1: https://github.com/varnishcache/pkg-varnish-cache/archive/0ad2f22629c4a368959c423a19e352c9c6c79682/pkg-varnish-cache-0ad2f22.tar.gz
|
||||||
Patch0001: fix-varnish-devel-installation-failure.patch
|
Patch0001: fix-varnish-devel-installation-failure.patch
|
||||||
Patch0002: fix-varnish.service-reload-failed.patch
|
Patch0002: fix-varnish.service-reload-failed.patch
|
||||||
|
##https://github.com/varnishcache/varnish-cache/commit/fceaefd4d59a3b5d5a4903a3f420e35eb430d0d4
|
||||||
|
Patch0003: CVE-2022-23959.patch
|
||||||
|
|
||||||
BuildRequires: python3-sphinx python3-docutils pkgconfig make graphviz nghttp2 systemd-units
|
BuildRequires: python3-sphinx python3-docutils pkgconfig make graphviz nghttp2 systemd-units
|
||||||
BuildRequires: ncurses-devel pcre2-devel libedit-devel gcc
|
BuildRequires: ncurses-devel pcre2-devel libedit-devel gcc
|
||||||
@ -158,6 +160,9 @@ test -f /etc/varnish/secret || (uuidgen > /etc/varnish/secret && chmod 0600 /etc
|
|||||||
%{_mandir}/man7/*.7*
|
%{_mandir}/man7/*.7*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Apr 27 2022 yaoxin <yaoxin30@h-partners.com> - 7.0.1-2
|
||||||
|
- Fix CVE-2022-23959
|
||||||
|
|
||||||
* Mon Apr 25 2022 yangping <yangping69@h-partners.com> - 7.0.1-1
|
* Mon Apr 25 2022 yangping <yangping69@h-partners.com> - 7.0.1-1
|
||||||
- Upgrade varnish to 7.0.1
|
- Upgrade varnish to 7.0.1
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user