Fix CVE-2010-1452

ok sthen@, landry@
2011-02-12 21:05:38 +00:00 · 2011-02-12 21:05:38 +00:00 · 9b749c36f3
commit 9b749c36f3
parent f8fdd4d5e2
3 changed files with 42 additions and 1 deletions
--- a/www/apache-httpd/Makefile
+++ b/www/apache-httpd/Makefile
@ -1,10 +1,11 @@
-# $OpenBSD: Makefile,v 1.26 2010/11/22 08:36:47 espie Exp $
+# $OpenBSD: Makefile,v 1.27 2011/02/12 21:05:38 pea Exp $

 COMMENT=	apache HTTP server

 V=		2.2.15
 PKGNAME=	apache-httpd-${V}
 DISTNAME=	httpd-${V}
+REVISION=	0

 CATEGORIES=	www net

--- a/www/apache-httpd/patches/patch-modules_cache_cache_storage_c
+++ b/www/apache-httpd/patches/patch-modules_cache_cache_storage_c
@ -0,0 +1,24 @@
+$OpenBSD: patch-modules_cache_cache_storage_c,v 1.1 2011/02/12 21:05:38 pea Exp $
+
+Fix CVE-2010-1452
+
+--- modules/cache/cache_storage.c.orig	Sat Feb 27 19:54:40 2010
+++ modules/cache/cache_storage.c	Tue Feb  8 11:56:28 2011
+@@ -479,7 +479,7 @@ apr_status_t cache_generate_key_default(request_rec *r
+      * Check if we need to ignore session identifiers in the URL and do so
+      * if needed.
+      */
+-    path = r->parsed_uri.path;
+    path = r->uri;
+     querystring = r->parsed_uri.query;
+     if (conf->ignore_session_id->nelts) {
+         int i;
+@@ -546,7 +546,7 @@ apr_status_t cache_generate_key_default(request_rec *r
+      */
+     cache->key = apr_pstrdup(r->pool, *key);
+     ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, NULL,
+-                 "cache: Key for entity %s?%s is %s", r->parsed_uri.path,
+                 "cache: Key for entity %s?%s is %s", r->uri,
+                  r->parsed_uri.query, *key);
+ 
+     return APR_SUCCESS;
--- a/www/apache-httpd/patches/patch-modules_dav_main_util_c
+++ b/www/apache-httpd/patches/patch-modules_dav_main_util_c
@ -0,0 +1,16 @@
+$OpenBSD: patch-modules_dav_main_util_c,v 1.1 2011/02/12 21:05:38 pea Exp $
+
+Fix CVE-2010-1452
+
+--- modules/dav/main/util.c.orig	Sat Jan  5 10:45:07 2008
+++ modules/dav/main/util.c	Tue Feb  8 11:56:28 2011
+@@ -624,7 +624,8 @@ static dav_error * dav_process_if_header(request_rec *
+ 
+             /* 2518 specifies this must be an absolute URI; just take the
+              * relative part for later comparison against r->uri */
+-            if (apr_uri_parse(r->pool, uri, &parsed_uri) != APR_SUCCESS) {
+            if (apr_uri_parse(r->pool, uri, &parsed_uri) != APR_SUCCESS
+                || !parsed_uri.path) {
+                 return dav_new_error(r->pool, HTTP_BAD_REQUEST,
+                                      DAV_ERR_IF_TAGGED,
+                                      "Invalid URI in tagged If-header.");