import varnish-6.6.2-3.el9
This commit is contained in:
parent
d8e469f836
commit
fcdc43b869
76
SOURCES/varnish-6.6.2-CVE-2022-45060.patch
Normal file
76
SOURCES/varnish-6.6.2-CVE-2022-45060.patch
Normal file
@ -0,0 +1,76 @@
|
||||
diff --git a/bin/varnishd/http2/cache_http2_hpack.c b/bin/varnishd/http2/cache_http2_hpack.c
|
||||
index 6bc062e..570b871 100644
|
||||
--- a/bin/varnishd/http2/cache_http2_hpack.c
|
||||
+++ b/bin/varnishd/http2/cache_http2_hpack.c
|
||||
@@ -97,11 +97,16 @@ h2h_addhdr(struct http *hp, char *b, size_t namelen, size_t len)
|
||||
/* XXX: This might belong in cache/cache_http.c */
|
||||
const char *b0;
|
||||
unsigned n;
|
||||
+ int disallow_empty;
|
||||
+ char *p;
|
||||
+ int i;
|
||||
|
||||
CHECK_OBJ_NOTNULL(hp, HTTP_MAGIC);
|
||||
AN(b);
|
||||
assert(namelen >= 2); /* 2 chars from the ': ' that we added */
|
||||
assert(namelen <= len);
|
||||
+
|
||||
+ disallow_empty = 0;
|
||||
|
||||
if (len > UINT_MAX) { /* XXX: cache_param max header size */
|
||||
VSLb(hp->vsl, SLT_BogoHeader, "Header too large: %.20s", b);
|
||||
@@ -117,10 +122,24 @@ h2h_addhdr(struct http *hp, char *b, size_t namelen, size_t len)
|
||||
b += namelen;
|
||||
len -= namelen;
|
||||
n = HTTP_HDR_METHOD;
|
||||
+ disallow_empty = 1;
|
||||
+
|
||||
+ /* First field cannot contain SP or CTL */
|
||||
+ for (p = b, i = 0; i < len; p++, i++) {
|
||||
+ if (vct_issp(*p) || vct_isctl(*p))
|
||||
+ return (H2SE_PROTOCOL_ERROR);
|
||||
+ }
|
||||
} else if (!strncmp(b, ":path: ", namelen)) {
|
||||
b += namelen;
|
||||
len -= namelen;
|
||||
n = HTTP_HDR_URL;
|
||||
+ disallow_empty = 1;
|
||||
+
|
||||
+ /* Second field cannot contain LWS or CTL */
|
||||
+ for (p = b, i = 0; i < len; p++, i++) {
|
||||
+ if (vct_islws(*p) || vct_isctl(*p))
|
||||
+ return (H2SE_PROTOCOL_ERROR);
|
||||
+ }
|
||||
} else if (!strncmp(b, ":scheme: ", namelen)) {
|
||||
/* XXX: What to do about this one? (typically
|
||||
"http" or "https"). For now set it as a normal
|
||||
@@ -128,6 +147,15 @@ h2h_addhdr(struct http *hp, char *b, size_t namelen, size_t len)
|
||||
b++;
|
||||
len-=1;
|
||||
n = hp->nhd;
|
||||
+
|
||||
+ for (p = b + namelen, i = 0; i < len-namelen;
|
||||
+ p++, i++) {
|
||||
+ if (vct_issp(*p) || vct_isctl(*p))
|
||||
+ return (H2SE_PROTOCOL_ERROR);
|
||||
+ }
|
||||
+
|
||||
+ if (!i)
|
||||
+ return (H2SE_PROTOCOL_ERROR);
|
||||
} else if (!strncmp(b, ":authority: ", namelen)) {
|
||||
b+=6;
|
||||
len-=6;
|
||||
@@ -164,6 +192,13 @@ h2h_addhdr(struct http *hp, char *b, size_t namelen, size_t len)
|
||||
hp->hd[n].b = b;
|
||||
hp->hd[n].e = b + len;
|
||||
|
||||
+ if (disallow_empty && !Tlen(hp->hd[n])) {
|
||||
+ VSLb(hp->vsl, SLT_BogoHeader,
|
||||
+ "Empty pseudo-header %.*s",
|
||||
+ (int)namelen, b0);
|
||||
+ return (H2SE_PROTOCOL_ERROR);
|
||||
+ }
|
||||
+
|
||||
return (0);
|
||||
}
|
||||
|
@ -23,7 +23,7 @@
|
||||
Summary: High-performance HTTP accelerator
|
||||
Name: varnish
|
||||
Version: 6.6.2
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
License: BSD
|
||||
URL: https://www.varnish-cache.org/
|
||||
Source0: http://varnish-cache.org/_downloads/%{name}-%{version}.tgz
|
||||
@ -64,6 +64,9 @@ Source1: https://github.com/varnishcache/pkg-varnish-cache/archive/%{commit1}.ta
|
||||
# Patch 018: gcc-10.0.1/s390x compilation fix, upstream commit b0af060
|
||||
#Patch18: varnish-6.3.2_fix_s390x.patch
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2141844
|
||||
Patch100: varnish-6.6.2-CVE-2022-45060.patch
|
||||
|
||||
%if 0%{?fedora} > 29
|
||||
Provides: varnish%{_isa} = %{version}-%{release}
|
||||
Provides: varnishd(abi)%{_isa} = %{abi}
|
||||
@ -156,6 +159,8 @@ ln -s pkg-varnish-cache-%{commit1}/debian debian
|
||||
cp redhat/find-provides .
|
||||
sed -i 's,rst2man-3.6,rst2man-3.4,g; s,rst2html-3.6,rst2html-3.4,g; s,phinx-build-3.6,phinx-build-3.4,g' configure
|
||||
|
||||
%patch100 -p1 -b .CVE-2022-45060
|
||||
|
||||
%build
|
||||
# https://gcc.gnu.org/wiki/FAQ#PR323
|
||||
%ifarch %ix86
|
||||
@ -300,6 +305,9 @@ test -f /etc/varnish/secret || (uuidgen > /etc/varnish/secret && chmod 0600 /etc
|
||||
|
||||
|
||||
%changelog
|
||||
* Mon Dec 05 2022 Luboš Uhliarik <luhliari@redhat.com> - 6.6.2-3
|
||||
- Resolves: #2142096 - CVE-2022-45060 varnish: Request Forgery Vulnerability
|
||||
|
||||
* Thu Feb 17 2022 Luboš Uhliarik <luhliari@redhat.com> - 6.6.2-2
|
||||
- new version 6.6.2
|
||||
- Resolves: #2007641 - rebase Varnish to 6.6.2
|
||||
|
Loading…
Reference in New Issue
Block a user