[apache2] 06/08: CVE-2018-1303: Possible out of bound read in mod_cache_socache

Stefan Fritsch sf at moszumanska.debian.org
Sat Mar 31 09:17:26 UTC 2018 

This is an automated email from the git hooks/post-receive script.

sf pushed a commit to branch stretch
in repository apache2.

commit 01e4c1107d0efc16aa4573f016943feb82681c8f
Author: Stefan Fritsch <sf at sfritsch.de>
Date:   Fri Mar 30 16:40:41 2018 +0200

    CVE-2018-1303: Possible out of bound read in mod_cache_socache
---
 debian/changelog                                        |  1 +
 debian/patches/CVE-2018-1303-mod_cache_socache-oob.diff | 14 ++++++++++++++
 debian/patches/series                                   |  1 +
 3 files changed, 16 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 307c97c..38fde83 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -11,6 +11,7 @@ apache2 (2.4.25-3+deb9u4) UNRELEASED; urgency=medium
   * CVE-2018-1283: Tampering of mod_session data for CGI applications.
   * CVE-2018-1301: Possible out of bound access after failure in reading the
     HTTP request
+  * CVE-2018-1303: Possible out of bound read in mod_cache_socache
 
  -- Stefan Fritsch <sf at debian.org>  Fri, 30 Mar 2018 16:01:25 +0200
 
diff --git a/debian/patches/CVE-2018-1303-mod_cache_socache-oob.diff b/debian/patches/CVE-2018-1303-mod_cache_socache-oob.diff
new file mode 100644
index 0000000..0ed6f8a
--- /dev/null
+++ b/debian/patches/CVE-2018-1303-mod_cache_socache-oob.diff
@@ -0,0 +1,14 @@
+# CVE-2018-1303
+# https://svn.apache.org/r1824475
+--- apache2.orig/modules/cache/mod_cache_socache.c
++++ apache2/modules/cache/mod_cache_socache.c
+@@ -213,7 +213,8 @@ static apr_status_t read_table(cache_han
+                         "Premature end of cache headers.");
+                 return APR_EGENERAL;
+             }
+-            while (apr_isspace(buffer[colon])) {
++            /* Do not go past the \r from above as apr_isspace('\r') is true */
++            while (apr_isspace(buffer[colon]) && (colon < *slider)) {
+                 colon++;
+             }
+             apr_table_addn(table, apr_pstrndup(r->pool, (const char *) buffer
diff --git a/debian/patches/series b/debian/patches/series
index b7667d1..9e450f0 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -23,3 +23,4 @@ CVE-2017-15710-mod_authnz_ldap.diff
 CVE-2017-15715-regex-line-endings.diff
 CVE-2018-1283-mod_session.diff
 CVE-2018-1301-HTTP-request-read-out-of-bounds.diff
+CVE-2018-1303-mod_cache_socache-oob.diff

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git

More information about the Pkg-apache-commits mailing list