demus/mod_security-rpm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
el5
mod_security-rpm/mod_security-fix-cve-2012-4528.patch
Athmane Madjoudj 5674c3eeb8 - Add some missing directives RHBZ #569360 
- Backport the fix multipart/invalid part ruleset bypass issue (CVE-2012-4528) (RHBZ #867424, #867773, #867774)
2012-11-17 10:30:06 +01:00

83 lines
3.3 KiB
Diff
Raw Permalink Blame History

diff -ru modsecurity-apache_2.6.8.orig/apache2/msc_multipart.c modsecurity-apache_2.6.8/apache2/msc_multipart.c
--- modsecurity-apache_2.6.8.orig/apache2/msc_multipart.c 2012-11-17 09:30:50.499143902 +0100
+++ modsecurity-apache_2.6.8/apache2/msc_multipart.c 2012-11-17 09:42:41.362779780 +0100
@@ -653,6 +653,7 @@
}
}
else {
+ msr->mpd->flag_invalid_part = 1;
msr_log(msr, 3, "Multipart: Skipping invalid part %pp (part name missing): "
"(offset %u, length %u)", msr->mpd->mpp,
msr->mpd->mpp->offset, msr->mpd->mpp->length);
@@ -961,6 +962,11 @@
msr_log(msr, 4, "Multipart: Warning: invalid quoting used.");
}
+ if (msr->mpd->flag_invalid_part) {
+ msr_log(msr, 4, "Multipart: Warning: invalid part parsing.");
+ }
+
+
if (msr->mpd->flag_invalid_header_folding) {
msr_log(msr, 4, "Multipart: Warning: invalid header folding used.");
}
diff -ru modsecurity-apache_2.6.8.orig/apache2/msc_multipart.h modsecurity-apache_2.6.8/apache2/msc_multipart.h
--- modsecurity-apache_2.6.8.orig/apache2/msc_multipart.h 2012-11-17 09:30:50.499143902 +0100
+++ modsecurity-apache_2.6.8/apache2/msc_multipart.h 2012-11-17 09:44:04.235930720 +0100
@@ -117,6 +117,7 @@
int flag_boundary_whitespace;
int flag_missing_semicolon;
int flag_invalid_quoting;
+ int flag_invalid_part;
int flag_invalid_header_folding;
int flag_file_limit_exceeded;
};
diff -ru modsecurity-apache_2.6.8.orig/apache2/re_variables.c modsecurity-apache_2.6.8/apache2/re_variables.c
--- modsecurity-apache_2.6.8.orig/apache2/re_variables.c 2012-11-17 09:30:50.499143902 +0100
+++ modsecurity-apache_2.6.8/apache2/re_variables.c 2012-11-17 09:48:11.176457660 +0100
@@ -1377,6 +1377,18 @@
}
}
+/* MULTIPART_INVALID_PART */
+
+static int var_multipart_invalid_part_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
+ apr_table_t *vartab, apr_pool_t *mptmp)
+{
+ if ((msr->mpd != NULL)&&(msr->mpd->flag_invalid_part != 0)) {
+ return var_simple_generate(var, vartab, mptmp, "1");
+ } else {
+ return var_simple_generate(var, vartab, mptmp, "0");
+ }
+}
+
/* MULTIPART_INVALID_QUOTING */
static int var_multipart_invalid_quoting_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
@@ -1429,6 +1441,7 @@
||(msr->mpd->flag_lf_line != 0)
||(msr->mpd->flag_missing_semicolon != 0)
||(msr->mpd->flag_invalid_quoting != 0)
+ ||(msr->mpd->flag_invalid_part != 0)
||(msr->mpd->flag_invalid_header_folding != 0)
||(msr->mpd->flag_file_limit_exceeded != 0)
) {
@@ -2835,6 +2848,17 @@
VAR_DONT_CACHE, /* flag */
PHASE_REQUEST_BODY
);
+
+ /* MULTIPART_INVALID_PART */
+ msre_engine_variable_register(engine,
+ "MULTIPART_INVALID_PART",
+ VAR_SIMPLE,
+ 0, 0,
+ NULL,
+ var_multipart_invalid_part_generate,
+ VAR_DONT_CACHE, /* flag */
+ PHASE_REQUEST_BODY
+ );
/* MULTIPART_INVALID_QUOTING */
msre_engine_variable_register(engine,
Reference in New Issue View Git Blame Copy Permalink