[apache2] 01/01: CVE-2017-9788: mod_auth_digest: Fix leak of uninitialized memory

Stefan Fritsch sf at moszumanska.debian.org
Tue Jul 18 18:47:50 UTC 2017


This is an automated email from the git hooks/post-receive script.

sf pushed a commit to branch jessie
in repository apache2.

commit 40bab0ff86e4512e367837c70ad74af2e9861f97
Author: Stefan Fritsch <sf at sfritsch.de>
Date:   Tue Jul 18 20:30:14 2017 +0200

    CVE-2017-9788: mod_auth_digest: Fix leak of uninitialized memory
---
 debian/changelog                                  |  6 +++++
 debian/patches/CVE-2017-9788-mod_auth_digest.diff | 28 +++++++++++++++++++++++
 debian/patches/series                             |  1 +
 3 files changed, 35 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index c202af4..398fee2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+apache2 (2.4.10-10+deb8u10) jessie-security; urgency=medium
+
+  * CVE-2017-9788: mod_auth_digest: Fix leak of uninitialized memory
+
+ -- Stefan Fritsch <sf at debian.org>  Tue, 18 Jul 2017 20:29:16 +0200
+
 apache2 (2.4.10-10+deb8u9) jessie-security; urgency=medium
 
   * CVE-2017-3167: Authentication bypass with ap_get_basic_auth_pw()
diff --git a/debian/patches/CVE-2017-9788-mod_auth_digest.diff b/debian/patches/CVE-2017-9788-mod_auth_digest.diff
new file mode 100644
index 0000000..4426088
--- /dev/null
+++ b/debian/patches/CVE-2017-9788-mod_auth_digest.diff
@@ -0,0 +1,28 @@
+# https://svn.apache.org/viewvc?view=revision&revision=1800955
+--- apache2.orig/modules/aaa/mod_auth_digest.c
++++ apache2/modules/aaa/mod_auth_digest.c
+@@ -956,13 +956,13 @@ static int get_digest_rec(request_rec *r
+ 
+         /* find value */
+ 
++        vv = 0;
+         if (auth_line[0] == '=') {
+             auth_line++;
+             while (apr_isspace(auth_line[0])) {
+                 auth_line++;
+             }
+ 
+-            vv = 0;
+             if (auth_line[0] == '\"') {         /* quoted string */
+                 auth_line++;
+                 while (auth_line[0] != '\"' && auth_line[0] != '\0') {
+@@ -981,8 +981,8 @@ static int get_digest_rec(request_rec *r
+                     value[vv++] = *auth_line++;
+                 }
+             }
+-            value[vv] = '\0';
+         }
++        value[vv] = '\0';
+ 
+         while (auth_line[0] != ',' && auth_line[0] != '\0') {
+             auth_line++;
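Review bot: The new patch file's header is only the upstream revision URL, so nothing in the package records why `vv = 0;` and `value[vv] = '\0';` move outside the `if (auth_line[0] == '=')` branch. I would add a description line such as `# Description: reset vv and NUL-terminate value for every key, so a key without "=value" yields an empty string instead of stale or uninitialized buffer contents`. The allocation of `value` and the code that consumes it are in get_digest_rec outside this hunk, so whether the `value[vv++]` writes stay within the buffer cannot be confirmed from here and is worth checking against the full function. A regression test that parses a Digest header field consisting of a bare key would keep the two moved statements from being separated again.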
diff --git a/debian/patches/series b/debian/patches/series
index 749efb3..c600844 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -29,3 +29,4 @@ CVE-2017-3167.diff
 CVE-2017-3169.diff
 CVE-2017-7668.diff
 CVE-2017-7679.diff
+CVE-2017-9788-mod_auth_digest.diff

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git


