Backport bnotes needed by RHEL-46040 fix

The backported bnotes are not real bnotes: the code has been slightly
modified for 2.4.37 to use r->notes instead, since bnotes are not available
in this httpd version and we didn't want to break ABI.

Related: RHEL-46040 - httpd:2.4/httpd: Security issues via backend
applications whose response headers are malicious or exploitable (CVE-2024-38476)
Luboš Uhliarik 2024-08-07 02:09:15 +02:00
parent 1ecb24514e
commit 7c8cd94061


@ -1,3 +1,8 @@
-- backported bnotes needed by this CVE fix from https://svn.apache.org/viewvc?view=revision&revision=1887384
-- modified it a little bit so it actually doesn't store bnotes into req structure to not brake compatibility
-- but it stores AP_REQUEST_TRUSTED_CT info into r->notes
diff --git a/include/http_protocol.h b/include/http_protocol.h diff --git a/include/http_protocol.h b/include/http_protocol.h
index 8ed77ac..81949ca 100644 index 8ed77ac..81949ca 100644
--- a/include/http_protocol.h --- a/include/http_protocol.h
@ -21,22 +26,40 @@ index 8ed77ac..81949ca 100644
* Set the Accept-Ranges header for this response * Set the Accept-Ranges header for this response
* @param r The current request * @param r The current request
diff --git a/include/httpd.h b/include/httpd.h diff --git a/include/httpd.h b/include/httpd.h
index 99f7f04..a82560c 100644 index 99f7f04..d8746c1 100644
--- a/include/httpd.h --- a/include/httpd.h
+++ b/include/httpd.h +++ b/include/httpd.h
@@ -699,6 +699,8 @@ struct ap_method_list_t { @@ -645,6 +645,7 @@ struct ap_method_list_t {
#define REQUEST_CHUNKED_DECHUNK 2 /** the array used for extension methods */
/** @} // values_request_rec_body */ apr_array_header_t *method_list;
};
+/** @} */
+#define AP_REQUEST_TRUSTED_CT 1 << 1
+
/** /**
* @defgroup values_request_rec_used_path_info Possible values for request_rec.used_path_info * @defgroup module_magic Module Magic mime types
* @ingroup APACHE_CORE_DAEMON @@ -715,6 +716,31 @@ struct ap_method_list_t {
@@ -715,6 +717,12 @@ struct ap_method_list_t {
/** @} // values_request_rec_used_path_info */ /** @} // values_request_rec_used_path_info */
+#define AP_REQUEST_TRUSTED_CT "rh-bnotes-trusted-ct"
+
+/**
+ * This is a convenience macro to ease with getting specific request
+ * binary notes.
+ */
+#define AP_REQUEST_GET_BNOTE(r, mask) (apr_table_get(r->notes, mask) ? 1 : 0)
+
+/**
+ * This is a convenience macro to ease with setting specific request
+ * binary notes.
+ */
+#define AP_REQUEST_SET_BNOTE(r, mask, val) do { \
+ if (val) \
+ apr_table_setn(r->notes, mask, "1"); \
+ else \
+ apr_table_unset(r->notes, mask); \
+} while (0)
+
+/** +/**
+ * Returns true if the content-type field is from a trusted source + * Returns true if the content-type field is from a trusted source
+ */ + */
@ -47,7 +70,7 @@ index 99f7f04..a82560c 100644
/* /*
* Things which may vary per file-lookup WITHIN a request --- * Things which may vary per file-lookup WITHIN a request ---
diff --git a/modules/http/http_protocol.c b/modules/http/http_protocol.c diff --git a/modules/http/http_protocol.c b/modules/http/http_protocol.c
index dcafa9c..417fee6 100644 index df862e0..d003aea 100644
--- a/modules/http/http_protocol.c --- a/modules/http/http_protocol.c
+++ b/modules/http/http_protocol.c +++ b/modules/http/http_protocol.c
@@ -1077,8 +1077,14 @@ AP_DECLARE(void) ap_set_content_type(request_rec *r, const char *ct) @@ -1077,8 +1077,14 @@ AP_DECLARE(void) ap_set_content_type(request_rec *r, const char *ct)