Fix for CVE-2014-0032, mod_dav_svn DoS vulnerability with SVNListParentPath
ok aja, jasper
This commit is contained in:
parent
d2847d11c9
commit
afb1a361f7
@ -1,4 +1,4 @@
|
||||
# $OpenBSD: Makefile,v 1.130 2014/01/20 15:12:24 stsp Exp $
|
||||
# $OpenBSD: Makefile,v 1.131 2014/02/20 21:15:31 stsp Exp $
|
||||
|
||||
COMMENT-main= subversion revision control system
|
||||
COMMENT-perl= perl interface to subversion
|
||||
@ -10,6 +10,7 @@ COMMENT-gnome-keyring= GNOME keyring support for subversion
|
||||
VERSION= 1.8.5
|
||||
DISTNAME= subversion-${VERSION}
|
||||
REVISION-main = 0
|
||||
REVISION-ap2 = 0
|
||||
PKGNAME-main= ${DISTNAME}
|
||||
FULLPKGNAME-perl= p5-SVN-${VERSION}
|
||||
FULLPKGPATH-perl= devel/subversion,-perl
|
||||
|
@ -0,0 +1,30 @@
|
||||
$OpenBSD: patch-subversion_mod_dav_svn_repos_c,v 1.2 2014/02/20 21:15:31 stsp Exp $
|
||||
CVE-2014-0032: mod_dav_svn DoS vulnerability with SVNListParentPath
|
||||
--- subversion/mod_dav_svn/repos.c.orig Thu Nov 14 22:02:26 2013
|
||||
+++ subversion/mod_dav_svn/repos.c Thu Feb 20 19:55:28 2014
|
||||
@@ -1971,6 +1971,25 @@ get_resource(request_rec *r,
|
||||
of private resource, iff the SVNListParentPath directive is 'on'. */
|
||||
if (dav_svn__is_parentpath_list(r))
|
||||
{
|
||||
+ /* Only allow GET and HEAD on the parentpath resource
|
||||
+ * httpd uses the same method_number for HEAD as GET */
|
||||
+ if (r->method_number != M_GET)
|
||||
+ {
|
||||
+ int status;
|
||||
+
|
||||
+ /* Marshall the error back to the client by generating by
|
||||
+ * way of the dav_svn__error_response_tag trick. */
|
||||
+ err = dav_svn__new_error(r->pool, HTTP_METHOD_NOT_ALLOWED,
|
||||
+ SVN_ERR_APMOD_MALFORMED_URI,
|
||||
+ "The URI does not contain the name "
|
||||
+ "of a repository.");
|
||||
+ /* can't use r->allowed since the default handler isn't called */
|
||||
+ apr_table_setn(r->headers_out, "Allow", "GET,HEAD");
|
||||
+ status = dav_svn__error_response_tag(r, err);
|
||||
+
|
||||
+ return dav_push_error(r->pool, status, err->error_id, NULL, err);
|
||||
+ }
|
||||
+
|
||||
err = get_parentpath_resource(r, resource);
|
||||
if (err)
|
||||
return err;
|
Loading…
Reference in New Issue
Block a user