rpms/httpd
6
0
Fork 0
Code Issues Pull Requests Releases Activity
d31560dca2
httpd/SOURCES/httpd-2.4.37-CVE-2025-66200.patch

59 lines
2.3 KiB
Diff
Raw Blame History

From 9d26b95787b229a3f6195d7beead774d131eeda1 Mon Sep 17 00:00:00 2001
From: Eric Covener <covener@apache.org>
Date: Mon, 1 Dec 2025 12:04:29 +0000
Subject: [PATCH] don't use request notes for suexec
also, stop accepting the obscure "note" option in
RequestHeader, it is only documented/described as being
meant for Header (output filter).
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1930164 13f79535-47bb-0310-9956-ffa450edef68
---
modules/mappers/mod_userdir.c | 4 ++--
modules/metadata/mod_headers.c | 6 +++++-
2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/modules/mappers/mod_userdir.c b/modules/mappers/mod_userdir.c
index 1ec0e90..0a34fd3 100644
--- a/modules/mappers/mod_userdir.c
+++ b/modules/mappers/mod_userdir.c
@@ -334,7 +334,7 @@ static int translate_userdir(request_rec *r)
r->finfo = statbuf;
/* For use in the get_suexec_identity phase */
- apr_table_setn(r->notes, "mod_userdir_user", user);
+ ap_set_module_config(r->request_config, &userdir_module, (void *)user);
return OK;
}
@@ -348,7 +348,7 @@ static ap_unix_identity_t *get_suexec_id_doer(const request_rec *r)
{
ap_unix_identity_t *ugid = NULL;
#if APR_HAS_USER
- const char *username = apr_table_get(r->notes, "mod_userdir_user");
+ const char *username = (const char*) ap_get_module_config(r->request_config, &userdir_module);
if (username == NULL) {
return NULL;
diff --git a/modules/metadata/mod_headers.c b/modules/metadata/mod_headers.c
index 4838bd6..7fb2e6c 100644
--- a/modules/metadata/mod_headers.c
+++ b/modules/metadata/mod_headers.c
@@ -455,8 +455,12 @@ static APR_INLINE const char *header_inout_cmd(cmd_parms *cmd,
new->action = hdr_edit;
else if (!strcasecmp(action, "edit*"))
new->action = hdr_edit_r;
- else if (!strcasecmp(action, "note"))
- new->action = hdr_note;
+ else if (!strcasecmp(action, "note")) {
+ if (cmd->info == &hdr_in) {
+ return "RequestHeader does not support the 'note' action";
+ }
+ new->action = hdr_note;
+ }
else
return "first argument must be 'add', 'set', 'setifempty', 'append', 'merge', "
"'unset', 'echo', 'note', 'edit', or 'edit*'.";
Reference in New Issue View Git Blame Copy Permalink