[apache2] 05/07: CVE-2018-1303: Possible out of bound read in mod_cache_socache

Stefan Fritsch sf at moszumanska.debian.org
Sat Mar 31 09:46:39 UTC 2018


This is an automated email from the git hooks/post-receive script.

sf pushed a commit to branch jessie
in repository apache2.

commit f78c6a813a25ab0647d60622a652d85ad5206799
Author: Stefan Fritsch <sf at sfritsch.de>
Date:   Fri Mar 30 16:40:41 2018 +0200

    CVE-2018-1303: Possible out of bound read in mod_cache_socache
---
 debian/changelog                                        |  1 +
 debian/patches/CVE-2018-1303-mod_cache_socache-oob.diff | 14 ++++++++++++++
 debian/patches/series                                   |  1 +
 3 files changed, 16 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 10e76a6..25a8c2b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -11,6 +11,7 @@ apache2 (2.4.10-10+deb8u12) UNRELEASED; urgency=medium
   * CVE-2018-1283: Tampering of mod_session data for CGI applications.
   * CVE-2018-1301: Possible out of bound access after failure in reading the
     HTTP request
+  * CVE-2018-1303: Possible out of bound read in mod_cache_socache
 
  -- Stefan Fritsch <sf at debian.org>  Sat, 31 Mar 2018 11:24:46 +0200
 
diff --git a/debian/patches/CVE-2018-1303-mod_cache_socache-oob.diff b/debian/patches/CVE-2018-1303-mod_cache_socache-oob.diff
new file mode 100644
index 0000000..e5b20b8
--- /dev/null
+++ b/debian/patches/CVE-2018-1303-mod_cache_socache-oob.diff
@@ -0,0 +1,14 @@
+# CVE-2018-1303
+# https://svn.apache.org/r1824475
+--- apache2.orig/modules/cache/mod_cache_socache.c
++++ apache2/modules/cache/mod_cache_socache.c
+@@ -212,7 +212,8 @@ static apr_status_t read_table(cache_han
+                         "Premature end of cache headers.");
+                 return APR_EGENERAL;
+             }
+-            while (apr_isspace(buffer[colon])) {
++            /* Do not go past the \r from above as apr_isspace('\r') is true */
++            while (apr_isspace(buffer[colon]) && (colon < *slider)) {
+                 colon++;
+             }
+             apr_table_addn(table, apr_pstrndup(r->pool, (const char *) buffer
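Review bot: in the added loop condition, `apr_isspace(buffer[colon])` is the left operand of `&&`, so `buffer[colon]` is read before `colon < *slider` is tested. Going by the new comment, the byte at `*slider` is the `\r`, so that final read still lands on it, but putting the bound first, `while ((colon < *slider) && apr_isspace(buffer[colon]))`, makes the guard precede every access and keeps the loop safe if the surrounding code changes. The patch header carries only the CVE id and the upstream revision URL; a one-line description of the fix would help anyone reading debian/patches later.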
diff --git a/debian/patches/series b/debian/patches/series
index bbd5b82..24e3f68 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -36,3 +36,4 @@ CVE-2017-15710-mod_authnz_ldap.diff
 CVE-2017-15715-regex-line-endings.diff
 CVE-2018-1283-mod_session.diff
 CVE-2018-1301-HTTP-request-read-out-of-bounds.diff
+CVE-2018-1303-mod_cache_socache-oob.diff

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git


