[apache2] 01/01: CVE-2017-9788: mod_auth_digest: Fix leak of uninitialized memory

Stefan Fritsch sf at moszumanska.debian.org
Tue Jul 18 18:47:51 UTC 2017 

This is an automated email from the git hooks/post-receive script.

sf pushed a commit to branch stretch
in repository apache2.

commit b2010cb906696f5aff3b75765de0ac04a4ca6c6d
Author: Stefan Fritsch <sf at sfritsch.de>
Date:   Tue Jul 18 20:30:14 2017 +0200

    CVE-2017-9788: mod_auth_digest: Fix leak of uninitialized memory
---
 debian/changelog                                  |  6 +++++
 debian/patches/CVE-2017-9788-mod_auth_digest.diff | 28 +++++++++++++++++++++++
 debian/patches/series                             |  1 +
 3 files changed, 35 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 99b5c16..51ef728 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+apache2 (2.4.25-3+deb9u2) stretch-security; urgency=medium
+
+  * CVE-2017-9788: mod_auth_digest: Fix leak of uninitialized memory
+
+ -- Stefan Fritsch <sf at debian.org>  Tue, 18 Jul 2017 20:37:33 +0200
+
 apache2 (2.4.25-3+deb9u1) stretch-security; urgency=high
 
   * Backport security fixes from 2.4.26:
diff --git a/debian/patches/CVE-2017-9788-mod_auth_digest.diff b/debian/patches/CVE-2017-9788-mod_auth_digest.diff
new file mode 100644
index 0000000..4426088
--- /dev/null
+++ b/debian/patches/CVE-2017-9788-mod_auth_digest.diff
@@ -0,0 +1,28 @@
+# https://svn.apache.org/viewvc?view=revision&revision=1800955
+--- apache2.orig/modules/aaa/mod_auth_digest.c
++++ apache2/modules/aaa/mod_auth_digest.c
+@@ -956,13 +956,13 @@ static int get_digest_rec(request_rec *r
+ 
+         /* find value */
+ 
++        vv = 0;
+         if (auth_line[0] == '=') {
+             auth_line++;
+             while (apr_isspace(auth_line[0])) {
+                 auth_line++;
+             }
+ 
+-            vv = 0;
+             if (auth_line[0] == '\"') {         /* quoted string */
+                 auth_line++;
+                 while (auth_line[0] != '\"' && auth_line[0] != '\0') {
+@@ -981,8 +981,8 @@ static int get_digest_rec(request_rec *r
+                     value[vv++] = *auth_line++;
+                 }
+             }
+-            value[vv] = '\0';
+         }
++        value[vv] = '\0';
+ 
+         while (auth_line[0] != ',' && auth_line[0] != '\0') {
+             auth_line++;
diff --git a/debian/patches/series b/debian/patches/series
index d46db24..dcdf8c3 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -16,3 +16,4 @@ CVE-2017-3169.diff
 CVE-2017-7659.diff
 CVE-2017-7668.diff
 CVE-2017-7679.diff
+CVE-2017-9788-mod_auth_digest.diff

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git

More information about the Pkg-apache-commits mailing list