[apache2] 05/07: CVE-2018-1303: Possible out of bound read in mod_cache_socache
Stefan Fritsch
sf at moszumanska.debian.org
Sat Mar 31 09:46:39 UTC 2018
This is an automated email from the git hooks/post-receive script.
sf pushed a commit to branch jessie
in repository apache2.
commit f78c6a813a25ab0647d60622a652d85ad5206799
Author: Stefan Fritsch <sf at sfritsch.de>
Date: Fri Mar 30 16:40:41 2018 +0200
CVE-2018-1303: Possible out of bound read in mod_cache_socache
---
debian/changelog | 1 +
debian/patches/CVE-2018-1303-mod_cache_socache-oob.diff | 14 ++++++++++++++
debian/patches/series | 1 +
3 files changed, 16 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 10e76a6..25a8c2b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -11,6 +11,7 @@ apache2 (2.4.10-10+deb8u12) UNRELEASED; urgency=medium
* CVE-2018-1283: Tampering of mod_session data for CGI applications.
* CVE-2018-1301: Possible out of bound access after failure in reading the
HTTP request
+ * CVE-2018-1303: Possible out of bound read in mod_cache_socache
-- Stefan Fritsch <sf at debian.org> Sat, 31 Mar 2018 11:24:46 +0200
diff --git a/debian/patches/CVE-2018-1303-mod_cache_socache-oob.diff b/debian/patches/CVE-2018-1303-mod_cache_socache-oob.diff
new file mode 100644
index 0000000..e5b20b8
--- /dev/null
+++ b/debian/patches/CVE-2018-1303-mod_cache_socache-oob.diff
@@ -0,0 +1,14 @@
+# CVE-2018-1303
+# https://svn.apache.org/r1824475
+--- apache2.orig/modules/cache/mod_cache_socache.c
++++ apache2/modules/cache/mod_cache_socache.c
+@@ -212,7 +212,8 @@ static apr_status_t read_table(cache_han
+ "Premature end of cache headers.");
+ return APR_EGENERAL;
+ }
+- while (apr_isspace(buffer[colon])) {
++ /* Do not go past the \r from above as apr_isspace('\r') is true */
++ while (apr_isspace(buffer[colon]) && (colon < *slider)) {
+ colon++;
+ }
+ apr_table_addn(table, apr_pstrndup(r->pool, (const char *) buffer
diff --git a/debian/patches/series b/debian/patches/series
index bbd5b82..24e3f68 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -36,3 +36,4 @@ CVE-2017-15710-mod_authnz_ldap.diff
CVE-2017-15715-regex-line-endings.diff
CVE-2018-1283-mod_session.diff
CVE-2018-1301-HTTP-request-read-out-of-bounds.diff
+CVE-2018-1303-mod_cache_socache-oob.diff
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git
More information about the Pkg-apache-commits
mailing list