author | Stefan Fritsch <sf@debian.org> | 2007-06-30 07:03:17 +0000 |
---|---|---|
committer | Stefan Fritsch <sf@sfritsch.de> | 2012-01-02 10:36:44 +0100 |
commit | 37e5d81a90d4a97181fcd41934ef379646aadcb4 (patch) | |
tree | 39cb16e5f31c8dedbc637cddb796e69f48e588ec | |
parent | e870a97a939378abd7d33f65bf2d6eedada45ffe (diff) | |
download | apache2-37e5d81a90d4a97181fcd41934ef379646aadcb4.tar.gz |
fix CVE-2007-1863: DoS in mod_cache
git-svn-id: svn+ssh://svn.debian.org/svn/pkg-apache/trunk/apache2@400 01b336ce-410b-0410-9a02-a0e7f243c266
-rw-r--r-- | debian/changelog | 1 | ||||
-rw-r--r-- | debian/patches/00list | 1 | ||||
-rw-r--r-- | debian/patches/049_CVE-2007-1863.dpatch | 81 |
3 files changed, 83 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 52743037..18bc831f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,7 @@ apache2 (2.2.4-1) UNRELEASED; urgency=low [ Stefan Fritsch ] + * Security: fix CVE-2007-1863: DoS in mod_cache * New upstream version (Closes: #427050) - Fixes "proxy: error reading status line from remote server" (Closes: #410331)
diff --git a/debian/patches/00list b/debian/patches/00list
index 60af4f90..59e628c5 100644
--- a/debian/patches/00list
+++ b/debian/patches/00list
@@ -16,4 +16,5 @@
 046_proxy_ftp_dirparse_crash.dpatch
 047_fix_usage_message.dpatch
 048_CVE-2007-1862.dpatch
+049_CVE-2007-1863.dpatch
 099_config_guess_sub_update
diff --git a/debian/patches/049_CVE-2007-1863.dpatch b/debian/patches/049_CVE-2007-1863.dpatch
new file mode 100644
index 00000000..f979d3cd
--- /dev/null
+++ b/debian/patches/049_CVE-2007-1863.dpatch
@@ -0,0 +1,81 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 048_CVE-2007-1863.dpatch
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+--- 2.2.x/modules/cache/cache_util.c 2006/10/12 23:11:33 463503
++++ 2.2.x/modules/cache/cache_util.c 2007/06/29 16:25:57 551944
+@@ -243,7 +243,8 @@
+ age = ap_cache_current_age(info, age_c, r->request_time);
+
+ /* extract s-maxage */
+- if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "s-maxage", &val)) {
++ if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "s-maxage", &val)
++ && val != NULL) {
+ smaxage = apr_atoi64(val);
+ }
+ else {
+@@ -252,7 +253,8 @@
+
+ /* extract max-age from request */
+ if (!conf->ignorecachecontrol
+- && cc_req && ap_cache_liststr(r->pool, cc_req, "max-age", &val)) {
++ && cc_req && ap_cache_liststr(r->pool, cc_req, "max-age", &val)
++ && val != NULL) {
+ maxage_req = apr_atoi64(val);
+ }
+ else {
+@@ -260,7 +262,8 @@
+ }
+
+ /* extract max-age from response */
+- if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "max-age", &val)) {
++ if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "max-age", &val)
++ && val != NULL) {
+ maxage_cresp = apr_atoi64(val);
+ }
+ else {
+@@ -282,7 +285,20 @@
+
+ /* extract max-stale */
+ if (cc_req && ap_cache_liststr(r->pool, cc_req, "max-stale", &val)) {
+- maxstale = apr_atoi64(val);
++ if(val != NULL) {
++ maxstale = apr_atoi64(val);
++ }
++ else {
++ /*
++ * If no value is assigned to max-stale, then the client is willing
++ * to accept a stale response of any age (RFC2616 14.9.3). We will
++ * set it to one year in this case as this situation is somewhat
++ * similar to a "never expires" Expires header (RFC2616 14.21)
++ * which is set to a date one year from the time the response is
++ * sent in this case.
++ */
++ maxstale = APR_INT64_C(86400*365);
++ }
+ }
+ else {
+ maxstale = 0;
+@@ -290,7 +306,8 @@
+
+ /* extract min-fresh */
+ if (!conf->ignorecachecontrol
+- && cc_req && ap_cache_liststr(r->pool, cc_req, "min-fresh", &val)) {
++ && cc_req && ap_cache_liststr(r->pool, cc_req, "min-fresh", &val)
++ && val != NULL) {
+ minfresh = apr_atoi64(val);
+ }
+ else {
+@@ -418,6 +435,9 @@
+ *val = apr_pstrmemdup(p, val_start,
+ next - val_start);
+ }
++ }
++ else {
++ *val = NULL;
+ }
+ }
+ return 1; |
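Review bot: The `*val = NULL;` branch added in the last inner hunk (`@@ -418,6 +435,9 @@`, apparently inside ap_cache_liststr) means the function can now return 1 with `*val` set to NULL, yet nothing documents that contract and the five call sites in this patch are each guarded by hand with `&& val != NULL`. I would add a comment on that branch such as `/* directive matched but carries no "=value": report the match with *val == NULL */`, and check any caller of ap_cache_liststr outside these hunks that passes a non-NULL `val` and then hands it to `apr_atoi64()` or dereferences it. The dpatch header also still reads `## 048_CVE-2007-1863.dpatch` and `## DP: No description.`; it should name the file 049 and say what is fixed, e.g. `## DP: CVE-2007-1863: mod_cache: handle Cache-Control directives that carry no value`. Both patched functions start and end outside the hunks shown, so the guard around the final hunk cannot be confirmed from here.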