From 46396bf73422b1acf5c24510f2cda39c6ceb2bff Mon Sep 17 00:00:00 2001 From: Jan Kaluza Date: Mon, 20 May 2013 09:54:07 +0200 Subject: [PATCH] htpasswd/htdbm: fix hash generation bug (#956344) - do not dump vhosts twice in httpd -S output (#928761) - mod_cache: fix potential crash caused by uninitialized variable (#954109) --- httpd-2.4.4-dump-vhost-twice.patch | 45 ++++++++++++ httpd-2.4.4-mod_cache-tmppath.patch | 11 +++ httpd-2.4.4-r1476674.patch | 110 ++++++++++++++++++++++++++++ httpd.spec | 13 +++- 4 files changed, 178 insertions(+), 1 deletion(-) create mode 100644 httpd-2.4.4-dump-vhost-twice.patch create mode 100644 httpd-2.4.4-mod_cache-tmppath.patch create mode 100644 httpd-2.4.4-r1476674.patch diff --git a/httpd-2.4.4-dump-vhost-twice.patch b/httpd-2.4.4-dump-vhost-twice.patch new file mode 100644 index 0000000..945fd5e --- /dev/null +++ b/httpd-2.4.4-dump-vhost-twice.patch @@ -0,0 +1,45 @@ +--- trunk/server/vhost.c 2013/05/11 11:51:28 1481305 ++++ trunk/server/vhost.c 2013/05/11 12:05:24 1481306 +@@ -577,14 +577,21 @@ + */ + + for (s = main_s->next; s; s = s->next) { ++ server_addr_rec *sar_prev = NULL; + has_default_vhost_addr = 0; + for (sar = s->addrs; sar; sar = sar->next) { + ipaddr_chain *ic; + char inaddr_any[16] = {0}; /* big enough to handle IPv4 or IPv6 */ +- ++ /* XXX: this treats 0.0.0.0 as a "default" server which matches no-exact-match for IPv6 */ + if (!memcmp(sar->host_addr->ipaddr_ptr, inaddr_any, sar->host_addr->ipaddr_len)) { + ic = find_default_server(sar->host_port); +- if (!ic || sar->host_port != ic->sar->host_port) { ++ ++ if (ic && sar->host_port == ic->sar->host_port) { /* we're a match for an existing "default server" */ ++ if (!sar_prev || memcmp(sar_prev->host_addr->ipaddr_ptr, inaddr_any, sar_prev->host_addr->ipaddr_len)) { ++ add_name_vhost_config(p, main_s, s, sar, ic); ++ } ++ } ++ else { + /* No default server, or we found a default server but + ** exactly one of us is a wildcard port, which means we want + ** two ip-based vhosts not an NVH with two names +@@ -592,6 +599,7 @@ + ic = new_ipaddr_chain(p, s, sar); + ic->next = default_list; + default_list = ic; ++ add_name_vhost_config(p, main_s, s, sar, ic); + } + has_default_vhost_addr = 1; + } +@@ -609,8 +617,9 @@ + ic->next = *iphash_table_tail[bucket]; + *iphash_table_tail[bucket] = ic; + } ++ add_name_vhost_config(p, main_s, s, sar, ic); + } +- add_name_vhost_config(p, main_s, s, sar, ic); ++ sar_prev = sar; + } + + /* Ok now we want to set up a server_hostname if the user was diff --git a/httpd-2.4.4-mod_cache-tmppath.patch b/httpd-2.4.4-mod_cache-tmppath.patch new file mode 100644 index 0000000..7f70098 --- /dev/null +++ b/httpd-2.4.4-mod_cache-tmppath.patch @@ -0,0 +1,11 @@ +--- a/modules/cache/mod_cache.c ++++ a/modules/cache/mod_cache.c +@@ -1773,7 +1773,7 @@ static void *merge_dir_config(apr_pool_t *p, void *basev, void *addv) { + + static void * create_cache_config(apr_pool_t *p, server_rec *s) + { +- const char *tmppath; ++ const char *tmppath = NULL; + cache_server_conf *ps = apr_pcalloc(p, sizeof(cache_server_conf)); + + /* array of URL prefixes for which caching is enabled */ diff --git a/httpd-2.4.4-r1476674.patch b/httpd-2.4.4-r1476674.patch new file mode 100644 index 0000000..d93945f --- /dev/null +++ b/httpd-2.4.4-r1476674.patch @@ -0,0 +1,110 @@ +Index: support/passwd_common.c +=================================================================== +--- a/support/passwd_common.c (revision 1476673) ++++ b/support/passwd_common.c (working copy) +@@ -113,17 +113,17 @@ + + int get_password(struct passwd_ctx *ctx) + { ++ char buf[MAX_STRING_LEN + 1]; + if (ctx->passwd_src == PW_STDIN) { +- char *buf = ctx->out; + apr_file_t *file_stdin; + apr_size_t nread; + if (apr_file_open_stdin(&file_stdin, ctx->pool) != APR_SUCCESS) { + ctx->errstr = "Unable to read from stdin."; + return ERR_GENERAL; + } +- if (apr_file_read_full(file_stdin, buf, ctx->out_len - 1, ++ if (apr_file_read_full(file_stdin, buf, sizeof(buf) - 1, + &nread) != APR_EOF +- || nread == ctx->out_len - 1) { ++ || nread == sizeof(buf) - 1) { + goto err_too_long; + } + buf[nread] = '\0'; +@@ -133,21 +133,24 @@ + buf[nread-2] = '\0'; + } + apr_file_close(file_stdin); ++ ctx->passwd = apr_pstrdup(ctx->pool, buf); + } + else { +- char buf[MAX_STRING_LEN + 1]; + apr_size_t bufsize = sizeof(buf); +- if (apr_password_get("New password: ", ctx->out, &ctx->out_len) != 0) ++ if (apr_password_get("New password: ", buf, &bufsize) != 0) + goto err_too_long; ++ ctx->passwd = apr_pstrdup(ctx->pool, buf); ++ bufsize = sizeof(buf); ++ buf[0] = '\0'; + apr_password_get("Re-type new password: ", buf, &bufsize); +- if (strcmp(ctx->out, buf) != 0) { ++ if (strcmp(ctx->passwd, buf) != 0) { + ctx->errstr = "password verification error"; +- memset(ctx->out, '\0', ctx->out_len); ++ memset(ctx->passwd, '\0', strlen(ctx->passwd)); + memset(buf, '\0', sizeof(buf)); + return ERR_PWMISMATCH; + } +- memset(buf, '\0', sizeof(buf)); + } ++ memset(buf, '\0', sizeof(buf)); + return 0; + + err_too_long: +@@ -164,7 +167,6 @@ + int mkhash(struct passwd_ctx *ctx) + { + char *pw; +- char pwin[MAX_STRING_LEN]; + char salt[16]; + apr_status_t rv; + int ret = 0; +@@ -177,14 +179,11 @@ + "Warning: Ignoring -C argument for this algorithm." NL); + } + +- if (ctx->passwd != NULL) { +- pw = ctx->passwd; +- } +- else { ++ if (ctx->passwd == NULL) { + if ((ret = get_password(ctx)) != 0) + return ret; +- pw = pwin; + } ++ pw = ctx->passwd; + + switch (ctx->alg) { + case ALG_APSHA: +@@ -224,7 +223,7 @@ + + apr_cpystrn(ctx->out, cbuf, ctx->out_len - 1); + if (strlen(pw) > 8) { +- char *truncpw = strdup(pw); ++ char *truncpw = apr_pstrdup(ctx->pool, pw); + truncpw[8] = '\0'; + if (!strcmp(ctx->out, crypt(truncpw, salt))) { + apr_file_printf(errfile, "Warning: Password truncated to 8 " +Index: support/htpasswd.c +=================================================================== +--- a/support/htpasswd.c (revision 1476673) ++++ b/support/htpasswd.c (working copy) +@@ -253,7 +253,6 @@ + int main(int argc, const char * const argv[]) + { + apr_file_t *fpw = NULL; +- const char *errstr = NULL; + char line[MAX_STRING_LEN]; + char *pwfilename = NULL; + char *user = NULL; +@@ -345,7 +344,7 @@ + if (!(mask & APHTP_DELUSER)) { + i = mkrecord(&ctx, user); + if (i != 0) { +- apr_file_printf(errfile, "%s: %s" NL, argv[0], errstr); ++ apr_file_printf(errfile, "%s: %s" NL, argv[0], ctx.errstr); + exit(i); + } + if (mask & APHTP_NOFILE) { diff --git a/httpd.spec b/httpd.spec index b09ee86..20c1ec2 100644 --- a/httpd.spec +++ b/httpd.spec @@ -14,7 +14,7 @@ Summary: Apache HTTP Server Name: httpd Version: 2.4.4 -Release: 5%{?dist} +Release: 6%{?dist} URL: http://httpd.apache.org/ Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source1: index.html @@ -64,6 +64,9 @@ Patch31: httpd-2.4.4-sslmultiproxy.patch # Bug fixes Patch50: httpd-2.4.2-r1374214+.patch Patch51: httpd-2.4.3-sslsninotreq.patch +Patch52: httpd-2.4.4-r1476674.patch +Patch53: httpd-2.4.4-mod_cache-tmppath.patch +Patch54: httpd-2.4.4-dump-vhost-twice.patch License: ASL 2.0 Group: System Environment/Daemons BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root @@ -188,6 +191,9 @@ interface for storing and accessing per-user session data. %patch50 -p1 -b .r1374214+ %patch51 -p1 -b .sninotreq +%patch52 -p1 -b .r1476674 +%patch53 -p1 -b .tmppath +%patch54 -p1 -b .vhosttwice # Patch in the vendor string sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h @@ -610,6 +616,11 @@ rm -rf $RPM_BUILD_ROOT %{_sysconfdir}/rpm/macros.httpd %changelog +* Mon May 20 2013 Jan Kaluza - 2.4.4-6 +- htpasswd/htdbm: fix hash generation bug (#956344) +- do not dump vhosts twice in httpd -S output (#928761) +- mod_cache: fix potential crash caused by uninitialized variable (#954109) + * Thu Apr 18 2013 Jan Kaluza - 2.4.4-5 - execute systemctl reload as result of apachectl graceful - mod_ssl: ignore SNI hints unless required by config