rpms / httpd

Clone
Source Code
GIT

Blame SOURCES/httpd-2.4.6-CVE-2015-3185.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-2.4 c8-sig-artwork c8-stream-2.4 c8s-stream-2.4 c9 c9-beta
  1.   c7-beta
  2.   SOURCES
  3.   httpd-2.4.6-CVE-2015-3185.patch
Blob History Raw
41a6c3 
Index: server/request.c
41a6c3 
===================================================================
41a6c3 
--- a/server/request.c	(revision 1684524)
41a6c3 
+++ b/server/request.c	(revision 1684525)
41a6c3 
@@ -71,6 +71,7 @@
41a6c3 
     APR_HOOK_LINK(create_request)
41a6c3 
     APR_HOOK_LINK(post_perdir_config)
41a6c3 
     APR_HOOK_LINK(dirwalk_stat)
41a6c3 
+    APR_HOOK_LINK(force_authn)
41a6c3 
 )
41a6c3
41a6c3 
 AP_IMPLEMENT_HOOK_RUN_FIRST(int,translate_name,
41a6c3 
@@ -97,6 +98,8 @@
41a6c3 
 AP_IMPLEMENT_HOOK_RUN_FIRST(apr_status_t,dirwalk_stat,
41a6c3 
                             (apr_finfo_t *finfo, request_rec *r, apr_int32_t wanted),
41a6c3 
                             (finfo, r, wanted), AP_DECLINED)
41a6c3 
+AP_IMPLEMENT_HOOK_RUN_FIRST(int,force_authn,
41a6c3 
+                          (request_rec *r), (r), DECLINED)
41a6c3
41a6c3 
 static int auth_internal_per_conf = 0;
41a6c3 
 static int auth_internal_per_conf_hooks = 0;
41a6c3 
@@ -118,6 +121,39 @@
41a6c3 
     }
41a6c3 
 }
41a6c3
41a6c3 
+AP_DECLARE(int) ap_some_authn_required(request_rec *r)
41a6c3 
+{
41a6c3 
+    int access_status;
41a6c3 
+
41a6c3 
+    switch (ap_satisfies(r)) {
41a6c3 
+    case SATISFY_ALL:
41a6c3 
+    case SATISFY_NOSPEC:
41a6c3 
+        if ((access_status = ap_run_access_checker(r)) != OK) {
41a6c3 
+            break;
41a6c3 
+        }
41a6c3 
+
41a6c3 
+        access_status = ap_run_access_checker_ex(r);
41a6c3 
+        if (access_status == DECLINED) {
41a6c3 
+            return TRUE;
41a6c3 
+        }
41a6c3 
+
41a6c3 
+        break;
41a6c3 
+    case SATISFY_ANY:
41a6c3 
+        if ((access_status = ap_run_access_checker(r)) == OK) {
41a6c3 
+            break;
41a6c3 
+        }
41a6c3 
+
41a6c3 
+        access_status = ap_run_access_checker_ex(r);
41a6c3 
+        if (access_status == DECLINED) {
41a6c3 
+            return TRUE;
41a6c3 
+        }
41a6c3 
+
41a6c3 
+        break;
41a6c3 
+    }
41a6c3 
+
41a6c3 
+    return FALSE;
41a6c3 
+}
41a6c3 
+
41a6c3 
 /* This is the master logic for processing requests.  Do NOT duplicate
41a6c3 
  * this logic elsewhere, or the security model will be broken by future
41a6c3 
  * API changes.  Each phase must be individually optimized to pick up
41a6c3 
@@ -232,15 +268,8 @@
41a6c3 
             }
41a6c3
41a6c3 
             access_status = ap_run_access_checker_ex(r);
41a6c3 
-            if (access_status == OK) {
41a6c3 
-                ap_log_rerror(APLOG_MARK, APLOG_TRACE3, 0, r,
41a6c3 
-                              "request authorized without authentication by "
41a6c3 
-                              "access_checker_ex hook: %s", r->uri);
41a6c3 
-            }
41a6c3 
-            else if (access_status != DECLINED) {
41a6c3 
-                return decl_die(access_status, "check access", r);
41a6c3 
-            }
41a6c3 
-            else {
41a6c3 
+            if (access_status == DECLINED
41a6c3 
+                || (access_status == OK && ap_run_force_authn(r) == OK)) {
41a6c3 
                 if ((access_status = ap_run_check_user_id(r)) != OK) {
41a6c3 
                     return decl_die(access_status, "check user", r);
41a6c3 
                 }
41a6c3 
@@ -258,6 +287,14 @@
41a6c3 
                     return decl_die(access_status, "check authorization", r);
41a6c3 
                 }
41a6c3 
             }
41a6c3 
+            else if (access_status == OK) {
41a6c3 
+                ap_log_rerror(APLOG_MARK, APLOG_TRACE3, 0, r,
41a6c3 
+                              "request authorized without authentication by "
41a6c3 
+                              "access_checker_ex hook: %s", r->uri);
41a6c3 
+            }
41a6c3 
+            else {
41a6c3 
+                return decl_die(access_status, "check access", r);
41a6c3 
+            }
41a6c3 
             break;
41a6c3 
         case SATISFY_ANY:
41a6c3 
             if ((access_status = ap_run_access_checker(r)) == OK) {
41a6c3 
@@ -269,15 +306,8 @@
41a6c3 
             }
41a6c3
41a6c3 
             access_status = ap_run_access_checker_ex(r);
41a6c3 
-            if (access_status == OK) {
41a6c3 
-                ap_log_rerror(APLOG_MARK, APLOG_TRACE3, 0, r,
41a6c3 
-                              "request authorized without authentication by "
41a6c3 
-                              "access_checker_ex hook: %s", r->uri);
41a6c3 
-            }
41a6c3 
-            else if (access_status != DECLINED) {
41a6c3 
-                return decl_die(access_status, "check access", r);
41a6c3 
-            }
41a6c3 
-            else {
41a6c3 
+            if (access_status == DECLINED
41a6c3 
+                || (access_status == OK && ap_run_force_authn(r) == OK)) {
41a6c3 
                 if ((access_status = ap_run_check_user_id(r)) != OK) {
41a6c3 
                     return decl_die(access_status, "check user", r);
41a6c3 
                 }
41a6c3 
@@ -295,6 +325,14 @@
41a6c3 
                     return decl_die(access_status, "check authorization", r);
41a6c3 
                 }
41a6c3 
             }
41a6c3 
+            else if (access_status == OK) {
41a6c3 
+                ap_log_rerror(APLOG_MARK, APLOG_TRACE3, 0, r,
41a6c3 
+                              "request authorized without authentication by "
41a6c3 
+                              "access_checker_ex hook: %s", r->uri);
41a6c3 
+            }
41a6c3 
+            else {
41a6c3 
+                return decl_die(access_status, "check access", r);
41a6c3 
+            }
41a6c3 
             break;
41a6c3 
         }
41a6c3 
     }
41a6c3 
Index: include/http_request.h
41a6c3 
===================================================================
41a6c3 
--- a/include/http_request.h	(revision 1684524)
41a6c3 
+++ b/include/http_request.h	(revision 1684525)
41a6c3 
@@ -185,6 +185,8 @@
41a6c3 
  * is required for the current request
41a6c3 
  * @param r The current request
41a6c3 
  * @return 1 if authentication is required, 0 otherwise
41a6c3 
+ * @bug Behavior changed in 2.4.x refactoring, API no longer usable
41a6c3 
+ * @deprecated @see ap_some_authn_required()
41a6c3 
  */
41a6c3 
 AP_DECLARE(int) ap_some_auth_required(request_rec *r);
41a6c3
41a6c3 
@@ -539,6 +541,16 @@
41a6c3 
 AP_DECLARE_HOOK(int,post_perdir_config,(request_rec *r))
41a6c3
41a6c3 
 /**
41a6c3 
+ * This hook allows a module to force authn to be required when
41a6c3 
+ * processing a request.
41a6c3 
+ * This hook should be registered with ap_hook_force_authn().
41a6c3 
+ * @param r The current request
41a6c3 
+ * @return OK (force authn), DECLINED (let later modules decide)
41a6c3 
+ * @ingroup hooks
41a6c3 
+ */
41a6c3 
+AP_DECLARE_HOOK(int,force_authn,(request_rec *r))
41a6c3 
+
41a6c3 
+/**
41a6c3 
  * This hook allows modules to handle/emulate the apr_stat() calls
41a6c3 
  * needed for directory walk.
41a6c3 
  * @param r The current request
41a6c3 
@@ -584,6 +596,17 @@
41a6c3 
 AP_DECLARE(apr_bucket *) ap_bucket_eor_create(apr_bucket_alloc_t *list,
41a6c3 
                                               request_rec *r);
41a6c3
41a6c3 
+/**
41a6c3 
+ * Can be used within any handler to determine if any authentication
41a6c3 
+ * is required for the current request.  Note that if used with an
41a6c3 
+ * access_checker hook, an access_checker_ex hook or an authz provider; the
41a6c3 
+ * caller should take steps to avoid a loop since this function is
41a6c3 
+ * implemented by calling these hooks.
41a6c3 
+ * @param r The current request
41a6c3 
+ * @return TRUE if authentication is required, FALSE otherwise
41a6c3 
+ */
41a6c3 
+AP_DECLARE(int) ap_some_authn_required(request_rec *r);
41a6c3 
+
41a6c3 
 #ifdef __cplusplus
41a6c3 
 }
41a6c3 
 #endif

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation