[apache2] 03/05: CVE-2017-7668: Buffer overrun in ap_find_token()

Stefan Fritsch sf at moszumanska.debian.org
Tue Jun 20 19:54:47 UTC 2017


This is an automated email from the git hooks/post-receive script.

sf pushed a commit to branch jessie
in repository apache2.

commit 197bab3a4123e656ad341ee2f88ed3236b92f3eb
Author: Stefan Fritsch <sf at sfritsch.de>
Date:   Tue Jun 20 20:59:56 2017 +0200

    CVE-2017-7668: Buffer overrun in ap_find_token()
---
 debian/changelog                  |  1 +
 debian/patches/CVE-2017-7668.diff | 32 ++++++++++++++++++++++++++++++++
 debian/patches/series             |  1 +
 3 files changed, 34 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 87b6af0..1ef3169 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,7 @@ apache2 (2.4.10-10+deb8u9) UNRELEASED; urgency=medium
 
   * CVE-2017-3167: Authentication bypass with ap_get_basic_auth_pw()
   * CVE-2017-3169: mod_ssl NULL pointer dereference
+  * CVE-2017-7668: Buffer overrun in ap_find_token()
 
  -- Stefan Fritsch <sf at debian.org>  Tue, 20 Jun 2017 20:42:01 +0200
 
diff --git a/debian/patches/CVE-2017-7668.diff b/debian/patches/CVE-2017-7668.diff
new file mode 100644
index 0000000..98e67cd
--- /dev/null
+++ b/debian/patches/CVE-2017-7668.diff
@@ -0,0 +1,32 @@
+#commit a585e36e06a53170be6d2d462ceb5b30b8382988
+#Author: Jim Jagielski <jim at apache.org>
+#Date:   Tue May 30 12:28:20 2017 +0000
+#
+#    Merge r1796350 from trunk:
+#    
+#    short-circuit on NULL
+#    
+#    Submitted By: jchampion
+#    
+#    
+#    Submitted by: covener
+#    Reviewed by: covener, ylavic, jim
+#    
+#    
+#    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1796856 13f79535-47bb-0310-9956-ffa450edef68
+#
+--- apache2.orig/server/util.c
++++ apache2/server/util.c
+@@ -1506,10 +1506,8 @@ AP_DECLARE(int) ap_find_token(apr_pool_t
+ 
+     s = (const unsigned char *)line;
+     for (;;) {
+-        /* find start of token, skip all stop characters, note NUL
+-         * isn't a token stop, so we don't need to test for it
+-         */
+-        while (TEST_CHAR(*s, T_HTTP_TOKEN_STOP)) {
++        /* find start of token, skip all stop characters */
++        while (*s && TEST_CHAR(*s, T_HTTP_TOKEN_STOP)) {
+             ++s;
+         }
+         if (!*s) {
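
Review bot: The replacement comment on the first "while" loop in server/util.c no longer explains why "*s" is tested. The removed comment asserted that NUL is not a token stop and needs no test, and this change adds exactly that test, so the new comment should say that the scan has to stop at the terminating NUL rather than rely on the T_HTTP_TOKEN_STOP table. Separately, the patch header is only the commented-out upstream log ("short-circuit on NULL") and names neither CVE-2017-7668 nor ap_find_token(); a one-line description tying r1796350 to the CVE would help anyone auditing debian/patches later.
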
diff --git a/debian/patches/series b/debian/patches/series
index 69d7283..7ca57d5 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -27,3 +27,4 @@ CVE-2016-8743-enforce_http.diff
 hostnames_with_underscores.diff
 CVE-2017-3167.diff
 CVE-2017-3169.diff
+CVE-2017-7668.diff

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git


