[mod_auth_mysql] - add security fix for CVE-2008-2384 (#663617)
jorton
jorton at fedoraproject.org
Tue Jan 4 14:49:54 UTC 2011
commit f67d3c61643f4d0ef5f53d1fc91a19112eaf4215
Author: Joe Orton <jorton at redhat.com>
Date: Tue Jan 4 14:49:40 2011 +0000
- add security fix for CVE-2008-2384 (#663617)
mod_auth_mysql-3.0.0-CVE-2008-2384.patch | 47 ++++++++++++++++++++++++++++++
mod_auth_mysql.spec | 8 ++++-
2 files changed, 54 insertions(+), 1 deletions(-)
---
diff --git a/mod_auth_mysql-3.0.0-CVE-2008-2384.patch b/mod_auth_mysql-3.0.0-CVE-2008-2384.patch
new file mode 100644
index 0000000..328e708
--- /dev/null
+++ b/mod_auth_mysql-3.0.0-CVE-2008-2384.patch
@@ -0,0 +1,47 @@
+--- mod_auth_mysql-3.0.0/mod_auth_mysql.c.cve2384
++++ mod_auth_mysql-3.0.0/mod_auth_mysql.c
+@@ -451,7 +451,6 @@ static int
+ open_db_handle(request_rec *r, mysql_auth_config_rec *m)
+ {
+ static MYSQL mysql_conn;
+- char query[MAX_STRING_LEN];
+ short host_match = FALSE;
+ short user_match = FALSE;
+
+@@ -544,11 +543,13 @@ open_db_handle(request_rec *r, mysql_aut
+ strcpy (connection.db, m->mysqlDB);
+ }
+ if (m->mysqlCharacterSet) { /* If a character set was specified */
+- SNPRINTF(query, sizeof(query)-1, "SET CHARACTER SET %s", m->mysqlCharacterSet);
+- if (mysql_query(connection.handle, query) != 0) {
+- LOG_ERROR_2(APLOG_ERR, 0, r, "MySQL ERROR: %s: %s", mysql_error(connection.handle), r->uri);
+- return FALSE;
+- }
++
++ if (mysql_set_character_set(connection.handle, m->mysqlCharacterSet) != 0) {
++ LOG_ERROR_2(APLOG_ERR, 0, r, "MySQL ERROR setting character set: %s: %s",
++ mysql_error(connection.handle), r->uri);
++ return FALSE;
++ }
++
+ }
+
+ return TRUE;
+@@ -1039,7 +1040,7 @@ static char * get_mysql_pw(request_rec *
+
+ ulen = strlen(user);
+ sql_safe_user = PCALLOC(r->pool, ulen*2+1);
+- mysql_escape_string(sql_safe_user,user,ulen);
++ mysql_real_escape_string(connection.handle, sql_safe_user,user,ulen);
+
+ if (salt_column) { /* If a salt was requested */
+ if (m->mysqlUserCondition) {
+@@ -1116,7 +1117,7 @@ static char ** get_mysql_groups(request_
+
+ ulen = strlen(user);
+ sql_safe_user = PCALLOC(r->pool, ulen*2+1);
+- mysql_escape_string(sql_safe_user,user,ulen);
++ mysql_real_escape_string(connection.handle, sql_safe_user,user,ulen);
+
+ if (m->mysqlGroupUserNameField == NULL)
+ m->mysqlGroupUserNameField = m->mysqlNameField;
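Review bot: The two `mysql_real_escape_string(connection.handle, ...)` calls in get_mysql_pw and get_mysql_groups are only correct if `connection.handle` is an open connection whose character set was set through the client library, and nothing in the patched lines records that dependency. The inner hunks start mid-function, so whether open_db_handle() has already succeeded at those two points is not visible here and should be confirmed. It is also worth checking that the connection-reuse path in open_db_handle (suggested by `static MYSQL mysql_conn` and `host_match`/`user_match`) cannot return before the character-set block when a request is configured with a different set. I would add a comment above the new call in open_db_handle, for example `/* Use the client API, not a "SET CHARACTER SET" query: mysql_real_escape_string() escapes according to the charset recorded on the handle. */`, so a later cleanup does not undo the coupling.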
diff --git a/mod_auth_mysql.spec b/mod_auth_mysql.spec
index 6a93d90..4f444ec 100644
--- a/mod_auth_mysql.spec
+++ b/mod_auth_mysql.spec
@@ -1,7 +1,7 @@
Summary: Basic authentication for the Apache web server using a MySQL database
Name: mod_auth_mysql
Version: 3.0.0
-Release: 11%{?dist}
+Release: 12%{?dist}
Epoch: 1
Group: System Environment/Daemons
URL: http://modauthmysql.sourceforge.net/
@@ -9,6 +9,7 @@ Source0: http://downloads.sourceforge.net/modauthmysql/mod_auth_mysql-%{version}
Source1: auth_mysql.conf
Patch0: mod_auth_mysql-3.0.0-apr1x.patch
Patch1: mod_auth_mysql-3.0.0-disable.patch
+Patch10: mod_auth_mysql-3.0.0-CVE-2008-2384.patch
License: ASL 1.1
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: httpd-devel, mysql-devel
@@ -23,6 +24,8 @@ web server by checking data in a MySQL database.
%patch0 -p1 -b .apr1x
%patch1 -p1 -b .disable
+%patch10 -p1 -b .cve2384
+
%build
%{_sbindir}/apxs -I%{_includedir}/mysql -Wc,-Wall -Wc,-Werror \
-c %{name}.c -L%{_libdir}/mysql -lmysqlclient
@@ -50,6 +53,9 @@ rm -rf $RPM_BUILD_ROOT
%config(noreplace) %{_sysconfdir}/httpd/conf.d/*.conf
%changelog
+* Thu Dec 16 2010 Joe Orton <jorton at redhat.com> - 1:3.0.0-12
+- add security fix for CVE-2008-2384 (#663617)
+
* Sat Jun 19 2010 Joe Orton <jorton at redhat.com> - 1:3.0.0-11
- less noise for httpd-mmn BR; package the LICENSE (#605950)