rpms / httpd

Clone
Source Code
GIT

Blame SOURCES/httpd-2.4.6-CVE-2019-0217.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-2.4 c8-sig-artwork c8-stream-2.4 c8s-stream-2.4 c9 c9-beta
  1.   890d24e0f9cbdc9609e3fe72f32bc0fd5be04ee7
  2.   SOURCES
  3.   httpd-2.4.6-CVE-2019-0217.patch
Blob History Raw
41a6c3 
diff --git a/modules/aaa/mod_auth_digest.c b/modules/aaa/mod_auth_digest.c
41a6c3 
index b50bcf9..5bfec82 100644
41a6c3 
--- a/modules/aaa/mod_auth_digest.c
41a6c3 
+++ b/modules/aaa/mod_auth_digest.c
41a6c3 
@@ -92,7 +92,6 @@ typedef struct digest_config_struct {
41a6c3 
     int          check_nc;
41a6c3 
     const char  *algorithm;
41a6c3 
     char        *uri_list;
41a6c3 
-    const char  *ha1;
41a6c3 
 } digest_config_rec;
41a6c3
41a6c3
41a6c3 
@@ -153,6 +152,7 @@ typedef struct digest_header_struct {
41a6c3 
     apr_time_t            nonce_time;
41a6c3 
     enum hdr_sts          auth_hdr_sts;
41a6c3 
     int                   needed_auth;
41a6c3 
+    const char           *ha1;
41a6c3 
     client_entry         *client;
41a6c3 
 } digest_header_rec;
41a6c3
41a6c3 
@@ -1295,7 +1295,7 @@ static int hook_note_digest_auth_failure(request_rec *r, const char *auth_type)
41a6c3 
  */
41a6c3
41a6c3 
 static authn_status get_hash(request_rec *r, const char *user,
41a6c3 
-                             digest_config_rec *conf)
41a6c3 
+                             digest_config_rec *conf, const char **rethash)
41a6c3 
 {
41a6c3 
     authn_status auth_result;
41a6c3 
     char *password;
41a6c3 
@@ -1347,7 +1347,7 @@ static authn_status get_hash(request_rec *r, const char *user,
41a6c3 
     } while (current_provider);
41a6c3
41a6c3 
     if (auth_result == AUTH_USER_FOUND) {
41a6c3 
-        conf->ha1 = password;
41a6c3 
+        *rethash = password;
41a6c3 
     }
41a6c3
41a6c3 
     return auth_result;
41a6c3 
@@ -1474,25 +1474,24 @@ static int check_nonce(request_rec *r, digest_header_rec *resp,
41a6c3
41a6c3 
 /* RFC-2069 */
41a6c3 
 static const char *old_digest(const request_rec *r,
41a6c3 
-                              const digest_header_rec *resp, const char *ha1)
41a6c3 
+                              const digest_header_rec *resp)
41a6c3 
 {
41a6c3 
     const char *ha2;
41a6c3
41a6c3 
     ha2 = ap_md5(r->pool, (unsigned char *)apr_pstrcat(r->pool, resp->method, ":",
41a6c3 
                                                        resp->uri, NULL));
41a6c3 
     return ap_md5(r->pool,
41a6c3 
-                  (unsigned char *)apr_pstrcat(r->pool, ha1, ":", resp->nonce,
41a6c3 
-                                              ":", ha2, NULL));
41a6c3 
+                  (unsigned char *)apr_pstrcat(r->pool, resp->ha1, ":",
41a6c3 
+                                               resp->nonce, ":", ha2, NULL));
41a6c3 
 }
41a6c3
41a6c3 
 /* RFC-2617 */
41a6c3 
 static const char *new_digest(const request_rec *r,
41a6c3 
-                              digest_header_rec *resp,
41a6c3 
-                              const digest_config_rec *conf)
41a6c3 
+                              digest_header_rec *resp)
41a6c3 
 {
41a6c3 
     const char *ha1, *ha2, *a2;
41a6c3
41a6c3 
-    ha1 = conf->ha1;
41a6c3 
+    ha1 = resp->ha1;
41a6c3
41a6c3 
     a2 = apr_pstrcat(r->pool, resp->method, ":", resp->uri, NULL);
41a6c3 
     ha2 = ap_md5(r->pool, (const unsigned char *)a2);
41a6c3 
@@ -1505,7 +1504,6 @@ static const char *new_digest(const request_rec *r,
41a6c3 
                                                NULL));
41a6c3 
 }
41a6c3
41a6c3 
-
41a6c3 
 static void copy_uri_components(apr_uri_t *dst,
41a6c3 
                                 apr_uri_t *src, request_rec *r) {
41a6c3 
     if (src->scheme && src->scheme[0] != '\0') {
41a6c3 
@@ -1742,7 +1740,7 @@ static int authenticate_digest_user(request_rec *r)
41a6c3 
         return HTTP_UNAUTHORIZED;
41a6c3 
     }
41a6c3
41a6c3 
-    return_code = get_hash(r, r->user, conf);
41a6c3 
+    return_code = get_hash(r, r->user, conf, &resp->ha1);
41a6c3
41a6c3 
     if (return_code == AUTH_USER_NOT_FOUND) {
41a6c3 
         ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01790)
41a6c3 
@@ -1772,7 +1770,7 @@ static int authenticate_digest_user(request_rec *r)
41a6c3
41a6c3 
     if (resp->message_qop == NULL) {
41a6c3 
         /* old (rfc-2069) style digest */
41a6c3 
-        if (strcmp(resp->digest, old_digest(r, resp, conf->ha1))) {
41a6c3 
+        if (strcmp(resp->digest, old_digest(r, resp))) {
41a6c3 
             ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01792)
41a6c3 
                           "user %s: password mismatch: %s", r->user,
41a6c3 
                           r->uri);
41a6c3 
@@ -1802,7 +1800,7 @@ static int authenticate_digest_user(request_rec *r)
41a6c3 
             return HTTP_UNAUTHORIZED;
41a6c3 
         }
41a6c3
41a6c3 
-        exp_digest = new_digest(r, resp, conf);
41a6c3 
+        exp_digest = new_digest(r, resp);
41a6c3 
         if (!exp_digest) {
41a6c3 
             /* we failed to allocate a client struct */
41a6c3 
             return HTTP_INTERNAL_SERVER_ERROR;
41a6c3 
@@ -1886,7 +1884,7 @@ static int add_auth_info(request_rec *r)
41a6c3
41a6c3 
         /* calculate rspauth attribute
41a6c3 
          */
41a6c3 
-        ha1 = conf->ha1;
41a6c3 
+        ha1 = resp->ha1;
41a6c3
41a6c3 
         a2 = apr_pstrcat(r->pool, ":", resp->uri, NULL);
41a6c3 
         ha2 = ap_md5(r->pool, (const unsigned char *)a2);

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation