Fix m_strcasestr not defined in old mod_security branch issue (RHBZ #1089343)

Athmane Madjoudj 2014-04-18 17:06:31 +01:00
parent eff88774af
commit b964b09c4d
2 changed files with 44 additions and 1 deletions


@ -0,0 +1,38 @@
diff -ru modsecurity-apache_2.6.8/apache2/msc_util.c modsecurity-apache_2.6.8-patched/apache2/msc_util.c
--- modsecurity-apache_2.6.8/apache2/msc_util.c 2012-09-25 14:05:00.000000000 +0100
+++ modsecurity-apache_2.6.8-patched/apache2/msc_util.c 2014-04-18 16:11:02.765000000 +0100
@@ -368,6 +368,24 @@
return d;
}
+char *m_strcasestr(const char *haystack, const char *needle) {
+ char aux, lower_aux;
+ int length;
+
+ if ((aux = *needle++) != 0) {
+ aux = (char)tolower((unsigned char)aux);
+ length = strlen(needle);
+ do {
+ do {
+ if ((lower_aux = *haystack++) == 0)
+ return NULL;
+ } while ((char)tolower((unsigned char)lower_aux) != aux);
+ } while (strncasecmp(haystack, needle, length) != 0);
+ haystack--;
+ }
+ return ((char *)haystack);
+}
+
/**
*
*/
diff -ru modsecurity-apache_2.6.8/apache2/msc_util.h modsecurity-apache_2.6.8-patched/apache2/msc_util.h
--- modsecurity-apache_2.6.8/apache2/msc_util.h 2012-09-25 14:05:00.000000000 +0100
+++ modsecurity-apache_2.6.8-patched/apache2/msc_util.h 2014-04-18 16:09:40.007000000 +0100
@@ -111,4 +111,6 @@
char DSOLOCAL *format_all_performance_variables(modsec_rec *msr, apr_pool_t *mp);
+char DSOLOCAL *m_strcasestr(const char *haystack, const char *needle);
+
#endif
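Review bot: In the added `m_strcasestr` in msc_util.c, `int length` receives the `size_t` result of `strlen(needle)` and is then passed to `strncasecmp`, which takes a `size_t`; declaring it as `size_t length = strlen(needle);` removes the narrowing and the signed-to-unsigned round trip. The function has no comment of its own (the empty `/** * */` after it appears to belong to the next definition), so a header such as `/* Case-insensitive strstr: returns the first match of needle in haystack, haystack itself for an empty needle, or NULL if there is no match. */` would state the contract, and it should mention that the returned pointer drops the `const` of `haystack`. Neither argument is checked for NULL, so every caller has to guarantee two valid NUL-terminated strings. The hunk does not show whether msc_util.c already includes `<ctype.h>` and `<strings.h>` for `tolower` and `strncasecmp`, which is worth confirming given that the commit title is about an undefined function.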


@ -8,7 +8,7 @@
Summary: Security module for the Apache HTTP Server
Name: mod_security
Version: 2.6.8
Release: 5%{?dist}
Release: 6%{?dist}
License: ASL 2.0
URL: http://www.modsecurity.org/
Group: System Environment/Daemons
@ -18,6 +18,7 @@ Patch0: mod_security-fix-cve-2012-4528.patch
Patch1: mod_security-2.6.8-rhbz947842.patch
Patch2: mod_security-2.6.8_fix_cve-2013-2765.patch
Patch3: mod_security-2.7.6-fix_chunked_string_case_sensitive_issue-cve-2013-5705.patch
Patch4: mod_security-2.6.8-fix-m_strcasestr-issue-rhbz1089343.patch
Requires: httpd httpd-mmn = %{_httpd_mmn}
BuildRequires: httpd-devel libxml2-devel pcre-devel curl-devel lua-devel
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -41,6 +42,7 @@ This package contains the ModSecurity Audit Log Collector.
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%build
%configure --enable-pcre-match-limit=1000000 \
@ -108,6 +110,9 @@ rm -rf %{buildroot}
%attr(0755,root,root) %{_bindir}/mlogc-batch-load
%changelog
* Fri Apr 18 2014 Athmane Madjoudj <athmane@fedoraproject.org> 2.6.8-6
- Fix m_strcasestr not defined in old mod_security branch issue (RHBZ #1089343)
* Tue Apr 01 2014 Athmane Madjoudj <athmane@fedoraproject.org> 2.6.8-5
- Fix Chunked string case sensitive issue (CVE-2013-5705, RHBZ #1082904 #1082905 #1082906)