- Fix NULL pointer dereference (DoS, crash) (CVE-2013-2765) (RHBZ #967615)

- Fix a possible memory leak
2013-05-28 15:00:07 +01:00 · 2013-05-28 15:00:07 +01:00 · a1c20bc8c6
commit a1c20bc8c6
parent cef50fc727
2 changed files with 30 additions and 1 deletions
--- a/mod_security-2.7.3-fix-mem-leak-and-cve-2013-2765.patch
+++ b/mod_security-2.7.3-fix-mem-leak-and-cve-2013-2765.patch
@ -0,0 +1,23 @@
+diff -ru modsecurity-apache_2.7.3.orig/apache2/msc_reqbody.c modsecurity-apache_2.7.3/apache2/msc_reqbody.c
+--- modsecurity-apache_2.7.3.orig/apache2/msc_reqbody.c	2013-03-24 08:12:29.000000000 +0100
+++ modsecurity-apache_2.7.3/apache2/msc_reqbody.c	2013-05-28 14:48:39.063673996 +0100
+@@ -170,6 +170,7 @@
+ 
+     /* Would storing this chunk mean going over the limit? */
+     if ((msr->msc_reqbody_spilltodisk)
+        && (msr->txcfg->reqbody_buffering != REQUEST_BODY_FORCEBUF_ON)
+         && (msr->msc_reqbody_length + length > (apr_size_t)msr->txcfg->reqbody_inmemory_limit))
+     {
+         msc_data_chunk **chunks;
+diff -ru modsecurity-apache_2.7.3.orig/apache2/re_operators.c modsecurity-apache_2.7.3/apache2/re_operators.c
+--- modsecurity-apache_2.7.3.orig/apache2/re_operators.c	2013-03-24 08:12:29.000000000 +0100
+++ modsecurity-apache_2.7.3/apache2/re_operators.c	2013-05-28 14:49:30.448696404 +0100
+@@ -369,7 +369,7 @@
+ /* rsub */
+ 
+ static char *param_remove_escape(msre_rule *rule, char *str, int len)  {
+-    char *parm = apr_palloc(rule->ruleset->mp, len);
+    char *parm = apr_pcalloc(rule->ruleset->mp, len);
+     char *ret = parm;
+ 
+     for(;*str!='\0';str++)    {
--- a/mod_security.spec
+++ b/mod_security.spec
@ -10,13 +10,14 @@
 Summary: Security module for the Apache HTTP Server
 Name: mod_security 
 Version: 2.7.3
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: ASL 2.0
 URL: http://www.modsecurity.org/
 Group: System Environment/Daemons
 Source: http://www.modsecurity.org/tarball/%{version}/modsecurity-apache_%{version}.tar.gz
 Source1: mod_security.conf
 Source2: 10-mod_security.conf
+Patch0: mod_security-2.7.3-fix-mem-leak-and-cve-2013-2765.patch
 Requires: httpd httpd-mmn = %{_httpd_mmn}
 BuildRequires: httpd-devel libxml2-devel pcre-devel curl-devel lua-devel

@ -37,6 +38,7 @@ This package contains the ModSecurity Audit Log Collector.

 %prep
 %setup -q -n modsecurity-apache_%{version}
+%patch0 -p1

 %build
 %configure --enable-pcre-match-limit=1000000 \
@ -107,6 +109,10 @@ rm -rf %{buildroot}
 %endif

 %changelog
+* Tue May 28 2013 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.3-2
+- Fix NULL pointer dereference (DoS, crash) (CVE-2013-2765) (RHBZ #967615)
+- Fix a possible memory leak.
+
 * Sat Mar 30 2013 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.3-1
 - Update to 2.7.3