OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Thomas Lotterer
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 11-Mar-2004 13:34:37
Branch: HEAD Handle: 2004031112343700
Modified files:
openpkg-src/apache apache.patch apache.spec
Log:
CAN-2003-0993; not applicable for any supported or tentative and
almost any obsoleted platforms in OPENPKG_2_0_RELEASE; only obsoleted
Solaris 2.6 might be affected, so MFC/SA is questionable
Summary:
Revision Changes Path
1.10 +127 -0 openpkg-src/apache/apache.patch
1.214 +1 -1 openpkg-src/apache/apache.spec
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/apache/apache.patch
============================================================================
$ cvs diff -u -r1.9 -r1.10 apache.patch
--- openpkg-src/apache/apache.patch 28 Oct 2003 10:47:24 -0000 1.9
+++ openpkg-src/apache/apache.patch 11 Mar 2004 12:34:37 -0000 1.10
@@ -54,3 +54,130 @@
if (!(env_path = ap_pstrdup(r->pool, getenv("PATH")))) {
env_path = DEFAULT_PATH;
}
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0993
+ Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms,
+ does not properly parse Allow/Deny rules using IP addresses without
+ a netmask, which could allow remote attackers to bypass intended
+ access restrictions.
+
+http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/modules/standard/mod_access.c?r1=1.46&r2=1.47
+===================================================================
+RCS file: /home/cvspublic/apache-1.3/src/modules/standard/mod_access.c,v
+retrieving revision 1.46
+retrieving revision 1.47
+diff -u -r1.46 -r1.47
+--- apache_1.3.29/src/modules/standard/mod_access.c 2004/02/20 20:37:40 1.46
++++ apache_1.3.29/src/modules/standard/mod_access.c 2004/03/07 21:47:14 1.47
+@@ -39,8 +39,8 @@
+ union {
+ char *from;
+ struct {
+- unsigned long net;
+- unsigned long mask;
++ struct in_addr net;
++ struct in_addr mask;
+ } ip;
+ } x;
+ enum allowdeny_type type;
+@@ -124,14 +124,14 @@
+
+ }
+ else if ((s = strchr(where, '/'))) {
+- unsigned long mask;
++ struct in_addr mask;
+
+ a->type = T_IP;
+ /* trample on where, we won't be using it any more */
+ *s++ = '\0';
+
+ if (!is_ip(where)
+- || (a->x.ip.net = ap_inet_addr(where)) == INADDR_NONE) {
++ || (a->x.ip.net.s_addr = ap_inet_addr(where)) == INADDR_NONE) {
+ a->type = T_FAIL;
+ return "syntax error in network portion of network/netmask";
+ }
+@@ -143,24 +143,26 @@
+ }
+ /* is it in /a.b.c.d form? */
+ if (strchr(s, '.')) {
+- mask = ap_inet_addr(s);
+- if (mask == INADDR_NONE) {
++ mask.s_addr = ap_inet_addr(s);
++ if (mask.s_addr == INADDR_NONE) {
+ a->type = T_FAIL;
+ return "syntax error in mask portion of network/netmask";
+ }
+ }
+ else {
++ int i;
++
+ /* assume it's in /nnn form */
+- mask = atoi(s);
+- if (mask > 32 || mask <= 0) {
++ i = atoi(s);
++ if (i > 32 || i <= 0) {
+ a->type = T_FAIL;
+ return "invalid mask in network/netmask";
+ }
+- mask = 0xFFFFFFFFUL << (32 - mask);
+- mask = htonl(mask);
++ mask.s_addr = 0xFFFFFFFFUL << (32 - i);
++ mask.s_addr = htonl(mask.s_addr);
+ }
+ a->x.ip.mask = mask;
+- a->x.ip.net = (a->x.ip.net & mask); /* pjr - This fixes PR 4770 */
++ a->x.ip.net.s_addr = (a->x.ip.net.s_addr & mask.s_addr); /* pjr - This
fixes PR 4770 */
+ }
+ else if (ap_isdigit(*where) && is_ip(where)) {
+ /* legacy syntax for ip addrs: a.b.c. ==> a.b.c.0/24 for example */
+@@ -171,8 +173,8 @@
+ a->type = T_IP;
+ /* parse components */
+ s = where;
+- a->x.ip.net = 0;
+- a->x.ip.mask = 0;
++ a->x.ip.net.s_addr = 0;
++ a->x.ip.mask.s_addr = 0;
+ shift = 24;
+ while (*s) {
+ t = s;
+@@ -191,6 +193,7 @@
+ return "invalid ip address";
+ }
+ if (shift < 0) {
++ a->type = T_FAIL;
+ return "invalid ip address, only 4 octets allowed";
+ }
+ octet = atoi(s);
+@@ -198,13 +201,13 @@
+ a->type = T_FAIL;
+ return "each octet must be between 0 and 255 inclusive";
+ }
+- a->x.ip.net |= octet << shift;
+- a->x.ip.mask |= 0xFFUL << shift;
++ a->x.ip.net.s_addr |= (unsigned int)octet << shift;
++ a->x.ip.mask.s_addr |= 0xFFUL << shift;
+ s = t;
+ shift -= 8;
+ }
+- a->x.ip.net = ntohl(a->x.ip.net);
+- a->x.ip.mask = ntohl(a->x.ip.mask);
++ a->x.ip.net.s_addr = ntohl(a->x.ip.net.s_addr);
++ a->x.ip.mask.s_addr = ntohl(a->x.ip.mask.s_addr);
+ }
+ else {
+ a->type = T_HOST;
+@@ -272,9 +275,9 @@
+ return 1;
+
+ case T_IP:
+- if (ap[i].x.ip.net != INADDR_NONE
++ if (ap[i].x.ip.net.s_addr != INADDR_NONE
+ && (r->connection->remote_addr.sin_addr.s_addr
+- & ap[i].x.ip.mask) == ap[i].x.ip.net) {
++ & ap[i].x.ip.mask.s_addr) == ap[i].x.ip.net.s_addr) {
+ return 1;
+ }
+ break;
+
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/apache/apache.spec
============================================================================
$ cvs diff -u -r1.213 -r1.214 apache.spec
--- openpkg-src/apache/apache.spec 24 Feb 2004 19:13:27 -0000 1.213
+++ openpkg-src/apache/apache.spec 11 Mar 2004 12:34:37 -0000 1.214
@@ -64,7 +64,7 @@
Group: Web
License: ASF
Version: %{V_apache}
-Release: 20040224
+Release: 20040311
# package options (suexec related)
%option with_suexec yes
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]
