demus/mod_security-rpm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Clear original response code in send_error_bucket function

Browse Source
This commit is contained in:
Tomas Korbar 2024-01-02 17:37:45 +01:00
parent b6d5b74493
commit 5a3bce7f1f
2 changed files with 35 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
mod_security-2.9.7-send_error_bucket.patch Normal file
View File

@ -0,0 +1,30 @@
From b2fa083522c70368c7ab911696dcb87dde5dc688 Mon Sep 17 00:00:00 2001
From: Tomas Korbar <tkorbar@redhat.com>
Date: Thu, 22 Dec 2022 14:49:34 +0100
Subject: [PATCH] Clear original response code in send_error_bucket function
If this is left intact, then apache thinks that this code
was generated during processing of ErrorDocument and does not
handle it properly
Fix #2849
---
apache2/apache2_util.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/apache2/apache2_util.c b/apache2/apache2_util.c
index cdae2b580..520a30f2f 100644
--- a/apache2/apache2_util.c
+++ b/apache2/apache2_util.c
@@ -31,6 +31,11 @@ apr_status_t send_error_bucket(modsec_rec *msr, ap_filter_t *f, int status) {
/* Set the status line explicitly for the error document */
f->r->status_line = ap_get_status_line(status);
+ /* Clear previously set response code to make clear that this is
+ * not a recursive error
+ */
+ f->r->status = 200;
+
brigade = apr_brigade_create(f->r->pool, f->r->connection->bucket_alloc);
if (brigade == NULL) return APR_EGENERAL;

6
mod_security.spec
View File

@ -10,7 +10,7 @@
Summary: Security module for the Apache HTTP Server Summary: Security module for the Apache HTTP Server
Name: mod_security Name: mod_security
Version: 2.9.7 Version: 2.9.7
Release: 3%{?dist} Release: 4%{?dist}
License: Apache-2.0 License: Apache-2.0
URL: http://www.modsecurity.org/ URL: http://www.modsecurity.org/
Source: https://github.com/SpiderLabs/ModSecurity/releases/download/v%{version}/modsecurity-%{version}.tar.gz Source: https://github.com/SpiderLabs/ModSecurity/releases/download/v%{version}/modsecurity-%{version}.tar.gz
@ -20,6 +20,7 @@ Source3: modsecurity_localrules.conf
Patch0: modsecurity-2.9.3-lua-54.patch Patch0: modsecurity-2.9.3-lua-54.patch
Patch1: modsecurity-2.9.3-apulibs.patch Patch1: modsecurity-2.9.3-apulibs.patch
Patch2: mod_security-2.9.3-remote-rules-timeout.patch Patch2: mod_security-2.9.3-remote-rules-timeout.patch
Patch3: mod_security-2.9.7-send_error_bucket.patch
Requires: httpd httpd-mmn = %{_httpd_mmn} Requires: httpd httpd-mmn = %{_httpd_mmn}
%if 0%{?fedora} || 0%{?rhel} > 7 %if 0%{?fedora} || 0%{?rhel} > 7
@ -144,6 +145,9 @@ install -m0644 mlogc/mlogc-default.conf %{buildroot}%{_sysconfdir}/mlogc.conf
%endif %endif
%changelog %changelog
* Tue Jan 02 2024 Tomas Korbar <tkorbar@redhat.com> - 2.9.7-4
- Clear original response code in send_error_bucket function
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.7-3 * Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.7-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild