Re: try to fix CVE-2012-4528
2014-06-05 14:42 GMT+02:00 matteo filippetto <matteo.filippetto@gmail.com>:
>>
>> I'm following https://wiki.debian.org/BuildingTutorial
>> to fix https://security-tracker.debian.org/tracker/CVE-2012-4528
>>
So,
I managed to create the patch (see attachment).
This is my first debdiff patch and I'm still learning, so it could be
full of mistakes.
Regards
--
Matteo Filippetto
http://www.op83.eu
@matteo_1983
diff -Nru libapache-mod-security-2.5.12/debian/patches/CVE-2012-4528.patch libapache-mod-security-2.5.12/debian/patches/CVE-2012-4528.patch
--- libapache-mod-security-2.5.12/debian/patches/CVE-2012-4528.patch 1970-01-01 01:00:00.000000000 +0100
+++ libapache-mod-security-2.5.12/debian/patches/CVE-2012-4528.patch 2014-06-05 22:14:59.000000000 +0200
@@ -0,0 +1,100 @@
+Index: libapache-mod-security-2.5.12/apache2/msc_multipart.c
+===================================================================
+--- libapache-mod-security-2.5.12.orig/apache2/msc_multipart.c 2014-06-05 22:14:38.000000000 +0200
++++ libapache-mod-security-2.5.12/apache2/msc_multipart.c 2014-06-05 22:14:38.000000000 +0200
+@@ -657,6 +657,7 @@
+ }
+ }
+ else {
++ msr->mpd->flag_invalid_part = 1;
+ msr_log(msr, 3, "Multipart: Skipping invalid part %pp (part name missing): "
+ "(offset %u, length %u)", msr->mpd->mpp,
+ msr->mpd->mpp->offset, msr->mpd->mpp->length);
+@@ -965,9 +966,13 @@
+ msr_log(msr, 4, "Multipart: Warning: invalid quoting used.");
+ }
+
++ if (msr->mpd->flag_invalid_part) {
++ msr_log(msr, 4, "Multipart: Warning: invalid part parsing.");
++ }
++
+ if (msr->mpd->flag_invalid_header_folding) {
+ msr_log(msr, 4, "Multipart: Warning: invalid header folding used.");
+- }
++ }
+ }
+
+ if ((msr->mpd->seen_data != 0) && (msr->mpd->is_complete == 0)) {
+Index: libapache-mod-security-2.5.12/apache2/msc_multipart.h
+===================================================================
+--- libapache-mod-security-2.5.12.orig/apache2/msc_multipart.h 2014-06-05 22:14:34.000000000 +0200
++++ libapache-mod-security-2.5.12/apache2/msc_multipart.h 2014-06-05 22:14:38.000000000 +0200
+@@ -121,6 +121,7 @@
+ int flag_boundary_whitespace;
+ int flag_missing_semicolon;
+ int flag_invalid_quoting;
++ int flag_invalid_part;
+ int flag_invalid_header_folding;
+ int flag_file_limit_exceeded;
+ };
+Index: libapache-mod-security-2.5.12/apache2/re_variables.c
+===================================================================
+--- libapache-mod-security-2.5.12.orig/apache2/re_variables.c 2014-06-05 22:14:34.000000000 +0200
++++ libapache-mod-security-2.5.12/apache2/re_variables.c 2014-06-05 22:14:38.000000000 +0200
+@@ -1366,6 +1366,18 @@
+ }
+ }
+
++/* MULTIPART_INVALID_PART */
++
++static int var_multipart_invalid_part_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
++ apr_table_t *vartab, apr_pool_t *mptmp)
++{
++ if ((msr->mpd != NULL)&&(msr->mpd->flag_invalid_part != 0)) {
++ return var_simple_generate(var, vartab, mptmp, "1");
++ } else {
++ return var_simple_generate(var, vartab, mptmp, "0");
++ }
++}
++
+ /* MULTIPART_INVALID_QUOTING */
+
+ static int var_multipart_invalid_quoting_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
+@@ -1418,6 +1430,7 @@
+ ||(msr->mpd->flag_lf_line != 0)
+ ||(msr->mpd->flag_missing_semicolon != 0)
+ ||(msr->mpd->flag_invalid_quoting != 0)
++ ||(msr->mpd->flag_invalid_part != 0)
+ ||(msr->mpd->flag_invalid_header_folding != 0)
+ ||(msr->mpd->flag_file_limit_exceeded != 0)
+ ) {
+@@ -2492,6 +2505,17 @@
+ VAR_DONT_CACHE, /* flag */
+ PHASE_REQUEST_BODY
+ );
++
++ /* MULTIPART_INVALID_PART */
++ msre_engine_variable_register(engine,
++ "MULTIPART_INVALID_PART",
++ VAR_SIMPLE,
++ 0, 0,
++ NULL,
++ var_multipart_invalid_part_generate,
++ VAR_DONT_CACHE, /* flag */
++ PHASE_REQUEST_BODY
++ );
+
+ /* MULTIPART_INVALID_QUOTING */
+ msre_engine_variable_register(engine,
+Index: libapache-mod-security-2.5.12/modsecurity.conf-minimal
+===================================================================
+--- libapache-mod-security-2.5.12.orig/modsecurity.conf-minimal 2014-06-05 22:14:34.000000000 +0200
++++ libapache-mod-security-2.5.12/modsecurity.conf-minimal 2014-06-05 22:14:38.000000000 +0200
+@@ -59,6 +59,7 @@
+ LF %{MULTIPART_LF_LINE}, \
+ SM %{MULTIPART_SEMICOLON_MISSING}, \
+ IQ %{MULTIPART_INVALID_QUOTING}, \
++IQ %{MULTIPART_INVALID_PART}, \
+ IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
+ IH %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
+
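Review bot: In the modsecurity.conf-minimal part of the new patch, the added line reuses the `IQ` label that the line above it already uses for MULTIPART_INVALID_QUOTING, so the logged rejection message cannot tell an invalid part from invalid quoting; a distinct label such as `IP %{MULTIPART_INVALID_PART}, \` would keep the audit trail unambiguous. The `- }` / `+ }` pair in the `@@ -965,9 +966,13 @@` hunk of msc_multipart.c appears to be a whitespace-only change and could be dropped so the security patch carries only the fix. The patch file also starts directly at `Index:` with no header; a short DEP-3 style header (Description, Origin, and a reference to CVE-2012-4528) would let a later reviewer trace the change to its upstream source. The new flag only takes effect through the combined strict-error condition extended in the `@@ -1418,6 +1430,7 @@` hunk (presumably MULTIPART_STRICT_ERROR), so a deployment whose own rule set does not check that variable is presumably not protected by this change alone, which is worth stating in the patch description.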
diff -Nru libapache-mod-security-2.5.12/debian/patches/series libapache-mod-security-2.5.12/debian/patches/series
--- libapache-mod-security-2.5.12/debian/patches/series 2013-06-06 16:44:19.000000000 +0200
+++ libapache-mod-security-2.5.12/debian/patches/series 2014-06-05 14:49:21.000000000 +0200
@@ -1,3 +1,4 @@
CVE-2012-2751.patch
CVE-2013-2765.patch
CVE-2013-1915.patch
+CVE-2012-4528.patch