[apache2] 01/04: Fix SNI hostname comparison

Stefan Fritsch sf at moszumanska.debian.org
Tue Dec 23 22:54:01 UTC 2014


This is an automated email from the git hooks/post-receive script.

sf pushed a commit to branch wheezy
in repository apache2.

commit 606a057190d197e1c7943648fd8787ff70be2222
Author: Stefan Fritsch <sf at sfritsch.de>
Date:   Tue Dec 23 23:10:36 2014 +0100

    Fix SNI hostname comparison
---
 debian/changelog                        |  1 +
 debian/patches/SNI_case_insensitve.diff | 13 +++++++++++++
 debian/patches/series                   |  1 +
 3 files changed, 15 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index d5f2a9d..ce0213d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,6 +7,7 @@ apache2 (2.2.22-13+deb7u4) UNRELEASED; urgency=high
     The new behavior is to not merge trailers into the headers autmatically.
     A new directive "MergeTrailers" is introduced to restore the old
     behavior.
+  * Fix hostname comparison with SNI to be case insensitive. Closes: #771199
 
  -- Stefan Fritsch <sf at debian.org>  Sun, 09 Nov 2014 14:38:26 +0100
 
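Review bot: The added changelog line cites the Debian bug but not the upstream change; adding the upstream revision that the patch header already references (r1515565) would let a reader trace the fix from the changelog alone. Since the stanza is still UNRELEASED, the "autmatically" typo in the entry just above could be corrected in the same upload.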
diff --git a/debian/patches/SNI_case_insensitve.diff b/debian/patches/SNI_case_insensitve.diff
new file mode 100644
index 0000000..0fdab3f
--- /dev/null
+++ b/debian/patches/SNI_case_insensitve.diff
@@ -0,0 +1,13 @@
+# https://svn.apache.org/viewvc?view=revision&revision=r1515565
+# http://bugs.debian.org/771199
+--- apache2.orig/modules/ssl/ssl_engine_kernel.c
++++ apache2/modules/ssl/ssl_engine_kernel.c
+@@ -136,7 +136,7 @@ int ssl_hook_ReadReq(request_rec *r)
+         if (rv != APR_SUCCESS || scope_id) {
+             return HTTP_BAD_REQUEST;
+         }
+-        if (strcmp(host, servername)) {
++        if (strcasecmp(host, servername)) {
+             ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
+                         "Hostname %s provided via SNI and hostname %s provided"
+                         " via HTTP are different", servername, host);
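Review bot: At the changed comparison, `strcasecmp(host, servername)` folds case according to the process locale, whereas hostnames are case-insensitive over ASCII only, so the result is only guaranteed to match that rule while the server runs in the "C" locale. It would be worth confirming that assumption holds for this code path, or saying so in the patch header. The header itself is just two bare `#` URL lines; a one-line description of why the SNI name and the HTTP Host name must compare case-insensitively would make the patch self-explanatory.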
diff --git a/debian/patches/series b/debian/patches/series
index da1c001..e8fcdc7 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -46,3 +46,4 @@ CVE-2014-0226_scoreboard.patch
 CVE-2014-0231_mod_cgid-DoS.patch
 CVE-2014-0118_mod_deflate-DoS.patch
 CVE-2013-5704_trailers.patch
+SNI_case_insensitve.diff
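Review bot: The new series entry `SNI_case_insensitve.diff` misspells "insensitive" and uses a `.diff` suffix where the neighbouring entries all end in `.patch`. Renaming the file consistently (series entry and the file under debian/patches/) before upload avoids carrying the typo into the released package.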

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git


