rpms/httpd
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Resolves: #2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request

Browse Source 
smuggling
This commit is contained in:
Luboš Uhliarik 2022-07-20 16:41:33 +02:00
parent 3bed4484eb
commit 4e955b0b8d
2 changed files with 35 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
httpd-2.4.53-CVE-2022-26377.patch Normal file
View File

@ -0,0 +1,26 @@
diff --git a/modules/proxy/mod_proxy_ajp.c b/modules/proxy/mod_proxy_ajp.c
index e2992fc..46d42bc 100644
--- a/modules/proxy/mod_proxy_ajp.c
+++ b/modules/proxy/mod_proxy_ajp.c
@@ -246,9 +246,18 @@ static int ap_proxy_ajp_request(apr_pool_t *p, request_rec *r,
/* read the first block of data */
input_brigade = apr_brigade_create(p, r->connection->bucket_alloc);
tenc = apr_table_get(r->headers_in, "Transfer-Encoding");
- if (tenc && (ap_cstr_casecmp(tenc, "chunked") == 0)) {
- /* The AJP protocol does not want body data yet */
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(00870) "request is chunked");
+ if (tenc) {
+ if (ap_cstr_casecmp(tenc, "chunked") == 0) {
+ /* The AJP protocol does not want body data yet */
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(00870)
+ "request is chunked");
+ }
+ else {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10396)
+ "%s Transfer-Encoding is not supported",
+ tenc);
+ return HTTP_INTERNAL_SERVER_ERROR;
+ }
} else {
/* Get client provided Content-Length header */
content_length = get_content_length(r);

11
httpd.spec
View File

@ -13,7 +13,7 @@
Summary: Apache HTTP Server Summary: Apache HTTP Server
Name: httpd Name: httpd
Version: 2.4.53 Version: 2.4.53
Release: 6%{?dist} Release: 7%{?dist}
URL: https://httpd.apache.org/ URL: https://httpd.apache.org/
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
Source1: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc Source1: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc
@ -116,7 +116,8 @@ Patch67: httpd-2.4.51-r1811831.patch
Patch68: httpd-2.4.53-r1878890.patch Patch68: httpd-2.4.53-r1878890.patch
# Security fixes # Security fixes
#Patch200: patchname # https://bugzilla.redhat.com/show_bug.cgi?id=2094997
Patch200: httpd-2.4.53-CVE-2022-26377.patch
License: ASL 2.0 License: ASL 2.0
BuildRequires: gcc, autoconf, pkgconfig, findutils, xmlto BuildRequires: gcc, autoconf, pkgconfig, findutils, xmlto
@ -284,6 +285,8 @@ written in the Lua programming language.
%patch67 -p1 -b .r1811831 %patch67 -p1 -b .r1811831
%patch68 -p1 -b .r1878890 %patch68 -p1 -b .r1878890
##patch200 -p1 -b .CVE-2022-26377
# Patch in the vendor string # Patch in the vendor string
sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
sed -i 's/@RELEASE@/%{release}/' server/core.c sed -i 's/@RELEASE@/%{release}/' server/core.c
@ -842,6 +845,10 @@ exit $rv
%{_rpmconfigdir}/macros.d/macros.httpd %{_rpmconfigdir}/macros.d/macros.httpd
%changelog %changelog
* Wed Jul 20 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-7
- Resolves: #2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request
smuggling
* Mon Jun 27 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-6 * Mon Jun 27 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-6
- Related: #2065677 - httpd minimisation for ubi-micro - Related: #2065677 - httpd minimisation for ubi-micro