[apache2] 02/08: CVE-2017-15710: mod_authnz_ldap

[Stefan Fritsch]

This is an automated email from the git hooks/post-receive script.

sf pushed a commit to branch stretch
in repository apache2.

commit 7ec3901cb04002875e4b986b8b81d4546939bcdb
Author: Stefan Fritsch <sf at sfritsch.de>
Date:   Fri Mar 30 16:02:40 2018 +0200

    CVE-2017-15710: mod_authnz_ldap
    
    Fix out of bound write in mod_authnz_ldap when using too small
    Accept-Language values.
---
 debian/changelog                                   |  7 +++++++
 debian/patches/CVE-2017-15710-mod_authnz_ldap.diff | 21 +++++++++++++++++++++
 debian/patches/series                              |  1 +
 3 files changed, 29 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index d884166..38edfad 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+apache2 (2.4.25-3+deb9u4) UNRELEASED; urgency=medium
+
+  * CVE-2017-15710: mod_authnz_ldap: Out of bound write in mod_authnz_ldap
+    when using too small Accept-Language values.
+
+ -- Stefan Fritsch <sf at debian.org>  Fri, 30 Mar 2018 16:01:25 +0200
+
 apache2 (2.4.25-3+deb9u3) stretch-security; urgency=high
 
   * Non-maintainer upload by the Security Team.
diff --git a/debian/patches/CVE-2017-15710-mod_authnz_ldap.diff b/debian/patches/CVE-2017-15710-mod_authnz_ldap.diff
new file mode 100644
index 0000000..7797134
--- /dev/null
+++ b/debian/patches/CVE-2017-15710-mod_authnz_ldap.diff
@@ -0,0 +1,21 @@
+# http://svn.apache.org/viewvc?view=revision&revision=1824456
+# CVE-2017-15710
+--- apache2.orig/modules/aaa/mod_authnz_ldap.c
++++ apache2/modules/aaa/mod_authnz_ldap.c
+@@ -126,9 +126,13 @@ static char* derive_codepage_from_lang (
+ 
+     charset = (char*) apr_hash_get(charset_conversions, language, APR_HASH_KEY_STRING);
+ 
+-    if (!charset) {
+-        language[2] = '\0';
+-        charset = (char*) apr_hash_get(charset_conversions, language, APR_HASH_KEY_STRING);
++    /*
++     * Test if language values like 'en-US' return a match from the charset
++     * conversion map when shortened to 'en'.
++     */
++    if (!charset && strlen(language) > 3 && language[2] == '-') {
++        char *language_short = apr_pstrndup(p, language, 2);
++        charset = (char*) apr_hash_get(charset_conversions, language_short, APR_HASH_KEY_STRING);
+     }
+ 
+     if (charset) {
diff --git a/debian/patches/series b/debian/patches/series
index 98eb09d..0fa4a37 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -19,3 +19,4 @@ CVE-2017-7679.diff
 CVE-2017-9788-mod_auth_digest.diff
 
 core-Disallow-Methods-registration-at-run-time-.htac.patch
+CVE-2017-15710-mod_authnz_ldap.diff

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git