Backport bnotes needed by RHEL-46040 fix

bnotes are actually not bnotes, but it has been slightly modified for 2.4.37 purposes to use r->notes, since bnotes are not available in this httpd version and we didn't want to break ABI. Related: RHEL-46040 - httpd:2.4/httpd: Security issues via backend applications whose response headers are malicious or exploitable (CVE-2024-38476)
2024-08-07 02:09:15 +02:00 · 2024-08-07 02:09:15 +02:00 · 7c8cd94061
commit 7c8cd94061
parent 1ecb24514e
1 changed files with 33 additions and 10 deletions
--- a/httpd-2.4.37-CVE-2024-38476.patch
+++ b/httpd-2.4.37-CVE-2024-38476.patch
@ -1,3 +1,8 @@
+
+-- backported bnotes needed by this CVE fix from https://svn.apache.org/viewvc?view=revision&revision=1887384
+-- modified it a little bit so it actually doesn't store bnotes into req structure to not brake compatibility
+-- but it stores AP_REQUEST_TRUSTED_CT info into r->notes
+
 diff --git a/include/http_protocol.h b/include/http_protocol.h
 index 8ed77ac..81949ca 100644
 --- a/include/http_protocol.h
@ -21,22 +26,40 @@ index 8ed77ac..81949ca 100644
  * Set the Accept-Ranges header for this response
  * @param r The current request
 diff --git a/include/httpd.h b/include/httpd.h
-index 99f7f04..a82560c 100644
+index 99f7f04..d8746c1 100644
 --- a/include/httpd.h
 +++ b/include/httpd.h
-@@ -699,6 +699,8 @@ struct ap_method_list_t {
- #define REQUEST_CHUNKED_DECHUNK  2
- /** @} // values_request_rec_body */
+@@ -645,6 +645,7 @@ struct ap_method_list_t {
+     /** the array used for extension methods */
+     apr_array_header_t *method_list;
+ };
+/** @} */
 
-+#define AP_REQUEST_TRUSTED_CT  1 << 1
-+
 /**
-  * @defgroup values_request_rec_used_path_info Possible values for request_rec.used_path_info
-  * @ingroup APACHE_CORE_DAEMON
-@@ -715,6 +717,12 @@ struct ap_method_list_t {
+  * @defgroup module_magic Module Magic mime types
+@@ -715,6 +716,31 @@ struct ap_method_list_t {
 
 /** @} // values_request_rec_used_path_info */
 
+#define AP_REQUEST_TRUSTED_CT  "rh-bnotes-trusted-ct"
+
+/**
+ * This is a convenience macro to ease with getting specific request
+ * binary notes.
+ */
+#define AP_REQUEST_GET_BNOTE(r, mask) (apr_table_get(r->notes, mask) ? 1 : 0)
+
+/**
+ * This is a convenience macro to ease with setting specific request
+ * binary notes.
+ */
+#define AP_REQUEST_SET_BNOTE(r, mask, val) do { \
+    if (val)                                    \
+        apr_table_setn(r->notes, mask, "1");    \
+    else                                        \
+        apr_table_unset(r->notes, mask);        \
+} while (0)
+
 +/**
 + * Returns true if the content-type field is from a trusted source
 + */
@ -47,7 +70,7 @@ index 99f7f04..a82560c 100644
 /*
  * Things which may vary per file-lookup WITHIN a request ---
 diff --git a/modules/http/http_protocol.c b/modules/http/http_protocol.c
-index dcafa9c..417fee6 100644
+index df862e0..d003aea 100644
 --- a/modules/http/http_protocol.c
 +++ b/modules/http/http_protocol.c
@@ -1077,8 +1077,14 @@ AP_DECLARE(void) ap_set_content_type(request_rec *r, const char *ct)