
Re: try to fix CVE-2012-4528



2014-06-05 14:42 GMT+02:00 matteo filippetto <matteo.filippetto@gmail.com>:
>>
>> I'm following https://wiki.debian.org/BuildingTutorial
>> to fix https://security-tracker.debian.org/tracker/CVE-2012-4528
>>

So,

I managed to create the patch (see attachment).

This is my first debdiff patch and I'm still learning so it could be
full of mistakes.

Regards
-- 
Matteo Filippetto
http://www.op83.eu
@matteo_1983
diff -Nru libapache-mod-security-2.5.12/debian/patches/CVE-2012-4528.patch libapache-mod-security-2.5.12/debian/patches/CVE-2012-4528.patch
--- libapache-mod-security-2.5.12/debian/patches/CVE-2012-4528.patch	1970-01-01 01:00:00.000000000 +0100
+++ libapache-mod-security-2.5.12/debian/patches/CVE-2012-4528.patch	2014-06-05 22:14:59.000000000 +0200
@@ -0,0 +1,100 @@
+Index: libapache-mod-security-2.5.12/apache2/msc_multipart.c
+===================================================================
+--- libapache-mod-security-2.5.12.orig/apache2/msc_multipart.c	2014-06-05 22:14:38.000000000 +0200
++++ libapache-mod-security-2.5.12/apache2/msc_multipart.c	2014-06-05 22:14:38.000000000 +0200
+@@ -657,6 +657,7 @@
+             }
+         }
+         else {
++            msr->mpd->flag_invalid_part = 1;
+             msr_log(msr, 3, "Multipart: Skipping invalid part %pp (part name missing): "
+                 "(offset %u, length %u)", msr->mpd->mpp,
+                 msr->mpd->mpp->offset, msr->mpd->mpp->length);
+@@ -965,9 +966,13 @@
+             msr_log(msr, 4, "Multipart: Warning: invalid quoting used.");
+         }
+ 
++        if (msr->mpd->flag_invalid_part) {
++            msr_log(msr, 4, "Multipart: Warning: invalid part parsing.");
++        }
++
+         if (msr->mpd->flag_invalid_header_folding) {
+             msr_log(msr, 4, "Multipart: Warning: invalid header folding used.");
+-        }        
++        }
+     }
+ 
+     if ((msr->mpd->seen_data != 0) && (msr->mpd->is_complete == 0)) {
+Index: libapache-mod-security-2.5.12/apache2/msc_multipart.h
+===================================================================
+--- libapache-mod-security-2.5.12.orig/apache2/msc_multipart.h	2014-06-05 22:14:34.000000000 +0200
++++ libapache-mod-security-2.5.12/apache2/msc_multipart.h	2014-06-05 22:14:38.000000000 +0200
+@@ -121,6 +121,7 @@
+     int                      flag_boundary_whitespace;
+     int                      flag_missing_semicolon;
+     int                      flag_invalid_quoting;
++    int                      flag_invalid_part;
+     int                      flag_invalid_header_folding;
+     int                      flag_file_limit_exceeded;
+ };
+Index: libapache-mod-security-2.5.12/apache2/re_variables.c
+===================================================================
+--- libapache-mod-security-2.5.12.orig/apache2/re_variables.c	2014-06-05 22:14:34.000000000 +0200
++++ libapache-mod-security-2.5.12/apache2/re_variables.c	2014-06-05 22:14:38.000000000 +0200
+@@ -1366,6 +1366,18 @@
+     }
+ }
+ 
++/* MULTIPART_INVALID_PART */
++
++static int var_multipart_invalid_part_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
++    apr_table_t *vartab, apr_pool_t *mptmp)
++{
++    if ((msr->mpd != NULL)&&(msr->mpd->flag_invalid_part != 0)) {
++        return var_simple_generate(var, vartab, mptmp, "1");
++    } else {
++        return var_simple_generate(var, vartab, mptmp, "0");
++    }
++}
++
+ /* MULTIPART_INVALID_QUOTING */
+ 
+ static int var_multipart_invalid_quoting_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
+@@ -1418,6 +1430,7 @@
+             ||(msr->mpd->flag_lf_line != 0)
+             ||(msr->mpd->flag_missing_semicolon != 0)
+             ||(msr->mpd->flag_invalid_quoting != 0)
++            ||(msr->mpd->flag_invalid_part != 0)
+             ||(msr->mpd->flag_invalid_header_folding != 0)
+             ||(msr->mpd->flag_file_limit_exceeded != 0)
+         ) {
+@@ -2492,6 +2505,17 @@
+         VAR_DONT_CACHE, /* flag */
+         PHASE_REQUEST_BODY
+     );
++
++    /* MULTIPART_INVALID_PART */
++    msre_engine_variable_register(engine,
++        "MULTIPART_INVALID_PART",
++        VAR_SIMPLE,
++        0, 0,
++        NULL,
++        var_multipart_invalid_part_generate,
++        VAR_DONT_CACHE, /* flag */
++        PHASE_REQUEST_BODY
++    );
+ 
+     /* MULTIPART_INVALID_QUOTING */
+     msre_engine_variable_register(engine,
+Index: libapache-mod-security-2.5.12/modsecurity.conf-minimal
+===================================================================
+--- libapache-mod-security-2.5.12.orig/modsecurity.conf-minimal	2014-06-05 22:14:34.000000000 +0200
++++ libapache-mod-security-2.5.12/modsecurity.conf-minimal	2014-06-05 22:14:38.000000000 +0200
+@@ -59,6 +59,7 @@
+ LF %{MULTIPART_LF_LINE}, \
+ SM %{MULTIPART_SEMICOLON_MISSING}, \
+ IQ %{MULTIPART_INVALID_QUOTING}, \
++IQ %{MULTIPART_INVALID_PART}, \
+ IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
+ IH %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
+ 
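Review bot: In the modsecurity.conf-minimal hunk the new field is logged as `IQ %{MULTIPART_INVALID_PART}`, reusing the `IQ` tag of the invalid-quoting line directly above it, so someone reading the audit message cannot tell which of the two checks fired; a distinct tag such as `IP %{MULTIPART_INVALID_PART}, \` keeps the message unambiguous. On the C side the change only sets `flag_invalid_part` in the "part name missing" branch, logs a level-4 warning and adds the flag to the combined condition at `@@ -1418` in re_variables.c (which appears to be the strict-error check), so a request with a nameless part is presumably still skipped-and-continued unless a rule acting on that variable is enabled. That dependency is worth stating in the patch description. The patch file also starts straight at `Index:` with no header; a short DEP-3 header (`Description:`, `Origin:`, `Bug-Debian:`) naming CVE-2012-4528 would record where the fix came from, and no debian/changelog entry is visible in this debdiff. The enclosing functions in msc_multipart.c and re_variables.c begin and end outside the inner hunks, so the zero-initialisation of the new `flag_invalid_part` field cannot be confirmed from here.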
diff -Nru libapache-mod-security-2.5.12/debian/patches/series libapache-mod-security-2.5.12/debian/patches/series
--- libapache-mod-security-2.5.12/debian/patches/series	2013-06-06 16:44:19.000000000 +0200
+++ libapache-mod-security-2.5.12/debian/patches/series	2014-06-05 14:49:21.000000000 +0200
@@ -1,3 +1,4 @@
 CVE-2012-2751.patch
 CVE-2013-2765.patch
 CVE-2013-1915.patch
+CVE-2012-4528.patch
