Mercurial Mercurial > upstream > oracle > userland-gate / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/apache2/patches/CVE-2014-0231.patch
branchs11-update
changeset 3269 56b0e19454ba 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/apache2/patches/CVE-2014-0231.patch	Fri Aug 15 11:18:48 2014 -0700
@@ -0,0 +1,148 @@
+Patch origin: upstream
+Patch status: will be part of next version
+
+http://svn.apache.org/viewvc?view=revision&revision=1611185
+
+--- modules/generators/mod_cgid.c	2014/07/16 20:53:11	1611184
++++ modules/generators/mod_cgid.c	2014/07/16 20:56:51	1611185
+@@ -93,6 +93,10 @@
+ static pid_t parent_pid;
+ static ap_unix_identity_t empty_ugid = { (uid_t)-1, (gid_t)-1, -1 };
+ 
++typedef struct { 
++    apr_interval_time_t timeout;
++} cgid_dirconf;
++
+ /* The APR other-child API doesn't tell us how the daemon exited
+  * (SIGSEGV vs. exit(1)).  The other-child maintenance function
+  * needs to decide whether to restart the daemon after a failure
+@@ -934,7 +938,14 @@
+     return overrides->logname ? overrides : base;
+ }
+ 
++static void *create_cgid_dirconf(apr_pool_t *p, char *dummy)
++{
++    cgid_dirconf *c = (cgid_dirconf *) apr_pcalloc(p, sizeof(cgid_dirconf));
++    return c;
++}
++
+ static const char *set_scriptlog(cmd_parms *cmd, void *dummy, const char *arg)
++
+ {
+     server_rec *s = cmd->server;
+     cgid_server_conf *conf = ap_get_module_config(s->module_config,
+@@ -987,7 +998,16 @@
+ 
+     return NULL;
+ }
++static const char *set_script_timeout(cmd_parms *cmd, void *dummy, const char *arg)
++{
++    cgid_dirconf *dc = dummy;
+ 
++    if (ap_timeout_parameter_parse(arg, &dc->timeout, "s") != APR_SUCCESS) { 
++        return "CGIDScriptTimeout has wrong format";
++    }
++ 
++    return NULL;
++}
+ static const command_rec cgid_cmds[] =
+ {
+     AP_INIT_TAKE1("ScriptLog", set_scriptlog, NULL, RSRC_CONF,
+@@ -999,6 +1019,10 @@
+     AP_INIT_TAKE1("ScriptSock", set_script_socket, NULL, RSRC_CONF,
+                   "the name of the socket to use for communication with "
+                   "the cgi daemon."),
++    AP_INIT_TAKE1("CGIDScriptTimeout", set_script_timeout, NULL, RSRC_CONF | ACCESS_CONF,
++                  "The amount of time to wait between successful reads from "
++                  "the CGI script, in seconds."),
++                  
+     {NULL}
+ };
+ 
+@@ -1335,11 +1359,15 @@
+     apr_file_t *tempsock;
+     struct cleanup_script_info *info;
+     apr_status_t rv;
++    cgid_dirconf *dc;
+ 
+     if (strcmp(r->handler,CGI_MAGIC_TYPE) && strcmp(r->handler,"cgi-script"))
+         return DECLINED;
+ 
+     conf = ap_get_module_config(r->server->module_config, &cgid_module);
++    dc = ap_get_module_config(r->per_dir_config, &cgid_module);
++
++    
+     is_included = !strcmp(r->protocol, "INCLUDED");
+ 
+     if ((argv0 = strrchr(r->filename, '/')) != NULL)
+@@ -1412,6 +1440,12 @@
+      */
+ 
+     apr_os_pipe_put_ex(&tempsock, &sd, 1, r->pool);
++    if (dc->timeout > 0) { 
++        apr_file_pipe_timeout_set(tempsock, dc->timeout);
++    }
++    else { 
++        apr_file_pipe_timeout_set(tempsock, r->server->timeout);
++    }
+     apr_pool_cleanup_kill(r->pool, (void *)((long)sd), close_unix_socket);
+ 
+     if ((argv0 = strrchr(r->filename, '/')) != NULL)
+@@ -1487,6 +1521,10 @@
+             if (rv != APR_SUCCESS) {
+                 /* silly script stopped reading, soak up remaining message */
+                 child_stopped_reading = 1;
++                ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, 
++                              "Error writing request body to script %s", 
++                              r->filename);
++
+             }
+         }
+         apr_brigade_cleanup(bb);
+@@ -1577,7 +1615,13 @@
+             return HTTP_MOVED_TEMPORARILY;
+         }
+ 
+-        ap_pass_brigade(r->output_filters, bb);
++        rv = ap_pass_brigade(r->output_filters, bb);
++        if (rv != APR_SUCCESS) { 
++            /* APLOG_ERR because the core output filter message is at error,
++             * but doesn't know it's passing CGI output 
++             */
++            ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, "Failed to flush CGI output to client");
++        }
+     }
+ 
+     if (nph) {
+@@ -1707,6 +1751,8 @@
+     request_rec *r = f->r;
+     cgid_server_conf *conf = ap_get_module_config(r->server->module_config,
+                                                   &cgid_module);
++    cgid_dirconf *dc = ap_get_module_config(r->per_dir_config, &cgid_module);
++
+     struct cleanup_script_info *info;
+ 
+     add_ssi_vars(r);
+@@ -1736,6 +1782,13 @@
+      * get rid of the cleanup we registered when we created the socket.
+      */
+     apr_os_pipe_put_ex(&tempsock, &sd, 1, r->pool);
++    if (dc->timeout > 0) {
++        apr_file_pipe_timeout_set(tempsock, dc->timeout);
++    }
++    else {
++        apr_file_pipe_timeout_set(tempsock, r->server->timeout);
++    }
++
+     apr_pool_cleanup_kill(r->pool, (void *)((long)sd), close_unix_socket);
+ 
+     APR_BRIGADE_INSERT_TAIL(bb, apr_bucket_pipe_create(tempsock,
+@@ -1841,7 +1894,7 @@
+ 
+ module AP_MODULE_DECLARE_DATA cgid_module = {
+     STANDARD20_MODULE_STUFF,
+-    NULL, /* dir config creater */
++    create_cgid_dirconf, /* dir config creater */
+     NULL, /* dir merger --- default is to override */
+     create_cgid_config, /* server config */
+     merge_cgid_config, /* merge server config */
upstream/oracle/userland-gate