rpms/mod_http2
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Resolves: #2177753 - CVE-2023-25690 httpd: HTTP request splitting with

Browse Source 
mod_rewrite and mod_proxy
This commit is contained in:
Luboš Uhliarik 2023-08-16 18:01:21 +02:00
parent a2e019118d
commit d326eaaec5
2 changed files with 39 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
mod_http2-1.15.19-CVE-2023-25690.patch Normal file
View File

@ -0,0 +1,30 @@
diff --git a/mod_http2/mod_proxy_http2.c b/mod_http2/mod_proxy_http2.c
index 893aa8f..d52d5d9 100644
--- a/mod_http2/mod_proxy_http2.c
+++ b/mod_http2/mod_proxy_http2.c
@@ -154,11 +154,25 @@ static int proxy_http2_canon(request_rec *r, char *url)
if (apr_table_get(r->notes, "proxy-nocanon")) {
path = url; /* this is the raw path */
}
+ else if (apr_table_get(r->notes, "proxy-noencode")) {
+ path = url; /* this is the encoded path already */
+ search = r->args;
+ }
else {
path = ap_proxy_canonenc(r->pool, url, (int)strlen(url),
enc_path, 0, r->proxyreq);
search = r->args;
}
+ if (search && *ap_scan_vchar_obstext(search)) {
+ /*
+ * We have a raw control character or a ' ' in r->args.
+ * Correct encoding was missed.
+ */
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10412)
+ "To be forwarded query string contains control "
+ "characters or spaces");
+ return HTTP_FORBIDDEN;
+ }
break;
case PROXYREQ_PROXY:
path = url;

11
mod_http2.spec
View File

@ -3,7 +3,7 @@
Name: mod_http2 Name: mod_http2
Version: 1.15.19 Version: 1.15.19
Release: 4%{?dist} Release: 5%{?dist}
Summary: module implementing HTTP/2 for Apache 2 Summary: module implementing HTTP/2 for Apache 2
License: ASL 2.0 License: ASL 2.0
URL: https://icing.github.io/mod_h2/ URL: https://icing.github.io/mod_h2/
@ -14,6 +14,8 @@ Patch2: mod_http2-1.15.14-openssl30.patch
# Security patches: # Security patches:
# https://bugzilla.redhat.com/show_bug.cgi?id=2034672 # https://bugzilla.redhat.com/show_bug.cgi?id=2034672
Patch100: mod_http2-1.15.19-CVE-2021-44224.patch Patch100: mod_http2-1.15.19-CVE-2021-44224.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2176209
Patch101: mod_http2-1.15.19-CVE-2023-25690.patch
BuildRequires: make BuildRequires: make
BuildRequires: gcc BuildRequires: gcc
@ -21,7 +23,7 @@ BuildRequires: pkgconfig, httpd-devel >= 2.4.20, libnghttp2-devel >= 1.7.0, open
BuildRequires: autoconf, libtool, /usr/bin/hostname BuildRequires: autoconf, libtool, /usr/bin/hostname
Requires: httpd-mmn = %{_httpd_mmn} Requires: httpd-mmn = %{_httpd_mmn}
Requires: httpd >= 2.4.51-7 Requires: httpd >= 2.4.51-7
Conflicts: httpd < 2.4.25-8 Conflicts: httpd < 2.4.57
%description %description
The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on
@ -33,6 +35,7 @@ top of libnghttp2 for httpd 2.4 servers.
%patch2 -p1 -b .openssl30 %patch2 -p1 -b .openssl30
%patch100 -p1 -b .CVE-2021-44224 %patch100 -p1 -b .CVE-2021-44224
%patch101 -p1 -b .CVE-2023-25690
%build %build
autoreconf -i autoreconf -i
@ -57,6 +60,10 @@ echo "LoadModule proxy_http2_module modules/mod_proxy_http2.so" > %{buildroot}%{
%{_httpd_moddir}/mod_proxy_http2.so %{_httpd_moddir}/mod_proxy_http2.so
%changelog %changelog
* Wed Aug 16 2023 Luboš Uhliarik <luhliari@redhat.com> - 1.15.19-5
- Resolves: #2177753 - CVE-2023-25690 httpd: HTTP request splitting with
mod_rewrite and mod_proxy
* Mon Dec 05 2022 Luboš Uhliarik <luhliari@redhat.com> - 1.15.19-4 * Mon Dec 05 2022 Luboš Uhliarik <luhliari@redhat.com> - 1.15.19-4
- Resolves: #2143176 - Dependency from mod_http2 on httpd broken - Resolves: #2143176 - Dependency from mod_http2 on httpd broken