[apache2] 03/05: CVE-2017-7668: Buffer overrun in ap_find_token()
Stefan Fritsch
sf at moszumanska.debian.org
Tue Jun 20 19:54:47 UTC 2017
This is an automated email from the git hooks/post-receive script.
sf pushed a commit to branch jessie
in repository apache2.
commit 197bab3a4123e656ad341ee2f88ed3236b92f3eb
Author: Stefan Fritsch <sf at sfritsch.de>
Date: Tue Jun 20 20:59:56 2017 +0200
CVE-2017-7668: Buffer overrun in ap_find_token()
---
debian/changelog | 1 +
debian/patches/CVE-2017-7668.diff | 32 ++++++++++++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 34 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 87b6af0..1ef3169 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,7 @@ apache2 (2.4.10-10+deb8u9) UNRELEASED; urgency=medium
* CVE-2017-3167: Authentication bypass with ap_get_basic_auth_pw()
* CVE-2017-3169: mod_ssl NULL pointer dereference
+ * CVE-2017-7668: Buffer overrun in ap_find_token()
-- Stefan Fritsch <sf at debian.org> Tue, 20 Jun 2017 20:42:01 +0200
diff --git a/debian/patches/CVE-2017-7668.diff b/debian/patches/CVE-2017-7668.diff
new file mode 100644
index 0000000..98e67cd
--- /dev/null
+++ b/debian/patches/CVE-2017-7668.diff
@@ -0,0 +1,32 @@
+#commit a585e36e06a53170be6d2d462ceb5b30b8382988
+#Author: Jim Jagielski <jim at apache.org>
+#Date: Tue May 30 12:28:20 2017 +0000
+#
+# Merge r1796350 from trunk:
+#
+# short-circuit on NULL
+#
+# Submitted By: jchampion
+#
+#
+# Submitted by: covener
+# Reviewed by: covener, ylavic, jim
+#
+#
+# git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1796856 13f79535-47bb-0310-9956-ffa450edef68
+#
+--- apache2.orig/server/util.c
++++ apache2/server/util.c
+@@ -1506,10 +1506,8 @@ AP_DECLARE(int) ap_find_token(apr_pool_t
+
+ s = (const unsigned char *)line;
+ for (;;) {
+- /* find start of token, skip all stop characters, note NUL
+- * isn't a token stop, so we don't need to test for it
+- */
+- while (TEST_CHAR(*s, T_HTTP_TOKEN_STOP)) {
++ /* find start of token, skip all stop characters */
++ while (*s && TEST_CHAR(*s, T_HTTP_TOKEN_STOP)) {
+ ++s;
+ }
+ if (!*s) {
diff --git a/debian/patches/series b/debian/patches/series
index 69d7283..7ca57d5 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -27,3 +27,4 @@ CVE-2016-8743-enforce_http.diff
hostnames_with_underscores.diff
CVE-2017-3167.diff
CVE-2017-3169.diff
+CVE-2017-7668.diff
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git
More information about the Pkg-apache-commits
mailing list