- Add some missing directives RHBZ #569360
- Backport the fix multipart/invalid part ruleset bypass issue (CVE-2012-4528) (RHBZ #867424, #867773, #867774)
This commit is contained in:
parent
9f867be7f4
commit
5674c3eeb8
82
mod_security-fix-cve-2012-4528.patch
Normal file
82
mod_security-fix-cve-2012-4528.patch
Normal file
@ -0,0 +1,82 @@
|
||||
diff -ru modsecurity-apache_2.6.8.orig/apache2/msc_multipart.c modsecurity-apache_2.6.8/apache2/msc_multipart.c
|
||||
--- modsecurity-apache_2.6.8.orig/apache2/msc_multipart.c 2012-11-17 09:30:50.499143902 +0100
|
||||
+++ modsecurity-apache_2.6.8/apache2/msc_multipart.c 2012-11-17 09:42:41.362779780 +0100
|
||||
@@ -653,6 +653,7 @@
|
||||
}
|
||||
}
|
||||
else {
|
||||
+ msr->mpd->flag_invalid_part = 1;
|
||||
msr_log(msr, 3, "Multipart: Skipping invalid part %pp (part name missing): "
|
||||
"(offset %u, length %u)", msr->mpd->mpp,
|
||||
msr->mpd->mpp->offset, msr->mpd->mpp->length);
|
||||
@@ -961,6 +962,11 @@
|
||||
msr_log(msr, 4, "Multipart: Warning: invalid quoting used.");
|
||||
}
|
||||
|
||||
+ if (msr->mpd->flag_invalid_part) {
|
||||
+ msr_log(msr, 4, "Multipart: Warning: invalid part parsing.");
|
||||
+ }
|
||||
+
|
||||
+
|
||||
if (msr->mpd->flag_invalid_header_folding) {
|
||||
msr_log(msr, 4, "Multipart: Warning: invalid header folding used.");
|
||||
}
|
||||
diff -ru modsecurity-apache_2.6.8.orig/apache2/msc_multipart.h modsecurity-apache_2.6.8/apache2/msc_multipart.h
|
||||
--- modsecurity-apache_2.6.8.orig/apache2/msc_multipart.h 2012-11-17 09:30:50.499143902 +0100
|
||||
+++ modsecurity-apache_2.6.8/apache2/msc_multipart.h 2012-11-17 09:44:04.235930720 +0100
|
||||
@@ -117,6 +117,7 @@
|
||||
int flag_boundary_whitespace;
|
||||
int flag_missing_semicolon;
|
||||
int flag_invalid_quoting;
|
||||
+ int flag_invalid_part;
|
||||
int flag_invalid_header_folding;
|
||||
int flag_file_limit_exceeded;
|
||||
};
|
||||
diff -ru modsecurity-apache_2.6.8.orig/apache2/re_variables.c modsecurity-apache_2.6.8/apache2/re_variables.c
|
||||
--- modsecurity-apache_2.6.8.orig/apache2/re_variables.c 2012-11-17 09:30:50.499143902 +0100
|
||||
+++ modsecurity-apache_2.6.8/apache2/re_variables.c 2012-11-17 09:48:11.176457660 +0100
|
||||
@@ -1377,6 +1377,18 @@
|
||||
}
|
||||
}
|
||||
|
||||
+/* MULTIPART_INVALID_PART */
|
||||
+
|
||||
+static int var_multipart_invalid_part_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
|
||||
+ apr_table_t *vartab, apr_pool_t *mptmp)
|
||||
+{
|
||||
+ if ((msr->mpd != NULL)&&(msr->mpd->flag_invalid_part != 0)) {
|
||||
+ return var_simple_generate(var, vartab, mptmp, "1");
|
||||
+ } else {
|
||||
+ return var_simple_generate(var, vartab, mptmp, "0");
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
/* MULTIPART_INVALID_QUOTING */
|
||||
|
||||
static int var_multipart_invalid_quoting_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
|
||||
@@ -1429,6 +1441,7 @@
|
||||
||(msr->mpd->flag_lf_line != 0)
|
||||
||(msr->mpd->flag_missing_semicolon != 0)
|
||||
||(msr->mpd->flag_invalid_quoting != 0)
|
||||
+ ||(msr->mpd->flag_invalid_part != 0)
|
||||
||(msr->mpd->flag_invalid_header_folding != 0)
|
||||
||(msr->mpd->flag_file_limit_exceeded != 0)
|
||||
) {
|
||||
@@ -2835,6 +2848,17 @@
|
||||
VAR_DONT_CACHE, /* flag */
|
||||
PHASE_REQUEST_BODY
|
||||
);
|
||||
+
|
||||
+ /* MULTIPART_INVALID_PART */
|
||||
+ msre_engine_variable_register(engine,
|
||||
+ "MULTIPART_INVALID_PART",
|
||||
+ VAR_SIMPLE,
|
||||
+ 0, 0,
|
||||
+ NULL,
|
||||
+ var_multipart_invalid_part_generate,
|
||||
+ VAR_DONT_CACHE, /* flag */
|
||||
+ PHASE_REQUEST_BODY
|
||||
+ );
|
||||
|
||||
/* MULTIPART_INVALID_QUOTING */
|
||||
msre_engine_variable_register(engine,
|
@ -39,7 +39,8 @@ LoadModule unique_id_module modules/mod_unique_id.so
|
||||
#SecAuditLog "|/usr/bin/mlogc /etc/mlogc.conf"
|
||||
|
||||
# Set Data Directory
|
||||
SecDataDir /var/log/httpd/
|
||||
SecTmpDir /var/lib/mod_security
|
||||
SecDataDir /var/lib/mod_security
|
||||
|
||||
# Maximum request body size we will
|
||||
# accept for buffering
|
||||
@ -75,6 +76,7 @@ LoadModule unique_id_module modules/mod_unique_id.so
|
||||
LF %{MULTIPART_LF_LINE}, \
|
||||
SM %{MULTIPART_SEMICOLON_MISSING}, \
|
||||
IQ %{MULTIPART_INVALID_QUOTING}, \
|
||||
IQ %{MULTIPART_INVALID_PART}, \
|
||||
IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
|
||||
IH %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
|
||||
|
||||
|
@ -8,21 +8,22 @@
|
||||
Summary: Security module for the Apache HTTP Server
|
||||
Name: mod_security
|
||||
Version: 2.6.8
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
License: ASL 2.0
|
||||
URL: http://www.modsecurity.org/
|
||||
Group: System Environment/Daemons
|
||||
Source: http://www.modsecurity.org/download/modsecurity-apache_%{version}.tar.gz
|
||||
Source1: mod_security.conf
|
||||
Patch0: mod_security-fix-cve-2012-4528.patch
|
||||
Requires: httpd httpd-mmn = %{_httpd_mmn}
|
||||
BuildRequires: httpd-devel libxml2-devel pcre-devel curl-devel lua-devel
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
|
||||
%description
|
||||
ModSecurity is an open source intrusion detection and prevention engine
|
||||
for web applications. It operates embedded into the web server, acting
|
||||
as a powerful umbrella - shielding web applications from attacks.
|
||||
|
||||
%if 0%{?fedora}
|
||||
%package -n mlogc
|
||||
Summary: ModSecurity Audit Log Collector
|
||||
Group: System Environment/Daemons
|
||||
@ -30,10 +31,10 @@ Requires: mod_security
|
||||
|
||||
%description -n mlogc
|
||||
This package contains the ModSecurity Audit Log Collector.
|
||||
%endif
|
||||
|
||||
%prep
|
||||
%setup -q -n modsecurity-apache_%{version}
|
||||
%patch0 -p1
|
||||
|
||||
%build
|
||||
%configure --enable-pcre-match-limit=1000000 \
|
||||
@ -67,15 +68,14 @@ install -Dp -m0644 10-mod_security.conf %{buildroot}%{_httpd_modconfdir}/10-mod_
|
||||
# 2.2-style
|
||||
install -Dp -m0644 %{SOURCE1} %{buildroot}%{_httpd_confdir}/mod_security.conf
|
||||
%endif
|
||||
install -m 700 -d %{buildroot}%{_localstatedir}/lib/%{name}
|
||||
|
||||
%if 0%{?fedora}
|
||||
# mlogc
|
||||
install -d %{buildroot}%{_localstatedir}/log/mlogc
|
||||
install -d %{buildroot}%{_localstatedir}/log/mlogc/data
|
||||
install -m0755 mlogc/mlogc %{buildroot}%{_bindir}/mlogc
|
||||
install -m0755 mlogc/mlogc-batch-load.pl %{buildroot}%{_bindir}/mlogc-batch-load
|
||||
install -m0644 mlogc/mlogc-default.conf %{buildroot}%{_sysconfdir}/mlogc.conf
|
||||
%endif
|
||||
|
||||
%clean
|
||||
rm -rf %{buildroot}
|
||||
@ -90,8 +90,8 @@ rm -rf %{buildroot}
|
||||
%endif
|
||||
%dir %{_sysconfdir}/httpd/modsecurity.d
|
||||
%dir %{_sysconfdir}/httpd/modsecurity.d/activated_rules
|
||||
%attr(770,apache,root) %dir %{_localstatedir}/lib/%{name}
|
||||
|
||||
%if 0%{?fedora}
|
||||
%files -n mlogc
|
||||
%defattr (-,root,root)
|
||||
%doc mlogc/INSTALL
|
||||
@ -100,9 +100,13 @@ rm -rf %{buildroot}
|
||||
%attr(0770,root,apache) %dir %{_localstatedir}/log/mlogc/data
|
||||
%attr(0755,root,root) %{_bindir}/mlogc
|
||||
%attr(0755,root,root) %{_bindir}/mlogc-batch-load
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Sat Nov 17 2012 Athmane Madjoudj <athmane@fedoraproject.org> 2.6.8-2
|
||||
- Add some missing directives RHBZ #569360
|
||||
- Backport the fix multipart/invalid part ruleset bypass issue (CVE-2012-4528)
|
||||
(RHBZ #867424, #867773, #867774)
|
||||
|
||||
* Fri Sep 28 2012 Athmane Madjoudj <athmane@fedoraproject.org> 2.6.8-1
|
||||
- Update to 2.6.8
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user