[mod_security/el5] - Add some missing directives RHBZ #569360 - Backport the fix multipart/invalid part ruleset bypass
Athmane Madjoudj
athmane at fedoraproject.org
Sat Nov 17 09:31:26 UTC 2012
commit 5674c3eeb87b1b9887ad2ec11739ff910def7246
Author: Athmane Madjoudj <athmane at fedoraproject.org>
Date: Sat Nov 17 10:30:06 2012 +0100
- Add some missing directives RHBZ #569360
- Backport the fix multipart/invalid part ruleset bypass issue (CVE-2012-4528) (RHBZ #867424, #867773, #867774)
mod_security-fix-cve-2012-4528.patch | 82 ++++++++++++++++++++++++++++++++++
mod_security.conf | 4 +-
mod_security.spec | 18 +++++---
3 files changed, 96 insertions(+), 8 deletions(-)
---
diff --git a/mod_security-fix-cve-2012-4528.patch b/mod_security-fix-cve-2012-4528.patch
new file mode 100644
index 0000000..7eb787a
--- /dev/null
+++ b/mod_security-fix-cve-2012-4528.patch
@@ -0,0 +1,82 @@
+diff -ru modsecurity-apache_2.6.8.orig/apache2/msc_multipart.c modsecurity-apache_2.6.8/apache2/msc_multipart.c
+--- modsecurity-apache_2.6.8.orig/apache2/msc_multipart.c 2012-11-17 09:30:50.499143902 +0100
++++ modsecurity-apache_2.6.8/apache2/msc_multipart.c 2012-11-17 09:42:41.362779780 +0100
+@@ -653,6 +653,7 @@
+ }
+ }
+ else {
++ msr->mpd->flag_invalid_part = 1;
+ msr_log(msr, 3, "Multipart: Skipping invalid part %pp (part name missing): "
+ "(offset %u, length %u)", msr->mpd->mpp,
+ msr->mpd->mpp->offset, msr->mpd->mpp->length);
+@@ -961,6 +962,11 @@
+ msr_log(msr, 4, "Multipart: Warning: invalid quoting used.");
+ }
+
++ if (msr->mpd->flag_invalid_part) {
++ msr_log(msr, 4, "Multipart: Warning: invalid part parsing.");
++ }
++
++
+ if (msr->mpd->flag_invalid_header_folding) {
+ msr_log(msr, 4, "Multipart: Warning: invalid header folding used.");
+ }
+diff -ru modsecurity-apache_2.6.8.orig/apache2/msc_multipart.h modsecurity-apache_2.6.8/apache2/msc_multipart.h
+--- modsecurity-apache_2.6.8.orig/apache2/msc_multipart.h 2012-11-17 09:30:50.499143902 +0100
++++ modsecurity-apache_2.6.8/apache2/msc_multipart.h 2012-11-17 09:44:04.235930720 +0100
+@@ -117,6 +117,7 @@
+ int flag_boundary_whitespace;
+ int flag_missing_semicolon;
+ int flag_invalid_quoting;
++ int flag_invalid_part;
+ int flag_invalid_header_folding;
+ int flag_file_limit_exceeded;
+ };
+diff -ru modsecurity-apache_2.6.8.orig/apache2/re_variables.c modsecurity-apache_2.6.8/apache2/re_variables.c
+--- modsecurity-apache_2.6.8.orig/apache2/re_variables.c 2012-11-17 09:30:50.499143902 +0100
++++ modsecurity-apache_2.6.8/apache2/re_variables.c 2012-11-17 09:48:11.176457660 +0100
+@@ -1377,6 +1377,18 @@
+ }
+ }
+
++/* MULTIPART_INVALID_PART */
++
++static int var_multipart_invalid_part_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
++ apr_table_t *vartab, apr_pool_t *mptmp)
++{
++ if ((msr->mpd != NULL)&&(msr->mpd->flag_invalid_part != 0)) {
++ return var_simple_generate(var, vartab, mptmp, "1");
++ } else {
++ return var_simple_generate(var, vartab, mptmp, "0");
++ }
++}
++
+ /* MULTIPART_INVALID_QUOTING */
+
+ static int var_multipart_invalid_quoting_generate(modsec_rec *msr, msre_var *var, msre_rule *rule,
+@@ -1429,6 +1441,7 @@
+ ||(msr->mpd->flag_lf_line != 0)
+ ||(msr->mpd->flag_missing_semicolon != 0)
+ ||(msr->mpd->flag_invalid_quoting != 0)
++ ||(msr->mpd->flag_invalid_part != 0)
+ ||(msr->mpd->flag_invalid_header_folding != 0)
+ ||(msr->mpd->flag_file_limit_exceeded != 0)
+ ) {
+@@ -2835,6 +2848,17 @@
+ VAR_DONT_CACHE, /* flag */
+ PHASE_REQUEST_BODY
+ );
++
++ /* MULTIPART_INVALID_PART */
++ msre_engine_variable_register(engine,
++ "MULTIPART_INVALID_PART",
++ VAR_SIMPLE,
++ 0, 0,
++ NULL,
++ var_multipart_invalid_part_generate,
++ VAR_DONT_CACHE, /* flag */
++ PHASE_REQUEST_BODY
++ );
+
+ /* MULTIPART_INVALID_QUOTING */
+ msre_engine_variable_register(engine,
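Review bot: In the msc_multipart.c change, the part with a missing name still appears to be skipped after `msr->mpd->flag_invalid_part = 1;` (the log message says "Skipping invalid part"), so its content is presumably never handed to the rules. The request is then rejected only if a rule tests MULTIPART_INVALID_PART or MULTIPART_STRICT_ERROR, and that dependency deserves a comment at the assignment, e.g. `/* Part is skipped, not inspected: flag it so MULTIPART_STRICT_ERROR rules can reject the request. */`. The new `var_multipart_invalid_part_generate` would also benefit from a one-line comment stating that it yields "1" when an invalid part was seen and "0" otherwise, including when `msr->mpd` is NULL. The second blank line added after the new warning block in msc_multipart.c can be dropped. The enclosing functions start and end outside the quoted hunks, so whether other skip paths need the same flag cannot be judged from here.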
diff --git a/mod_security.conf b/mod_security.conf
index 7468a05..fb436f4 100644
--- a/mod_security.conf
+++ b/mod_security.conf
@@ -39,7 +39,8 @@ LoadModule unique_id_module modules/mod_unique_id.so
#SecAuditLog "|/usr/bin/mlogc /etc/mlogc.conf"
# Set Data Directory
- SecDataDir /var/log/httpd/
+ SecTmpDir /var/lib/mod_security
+ SecDataDir /var/lib/mod_security
# Maximum request body size we will
# accept for buffering
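Review bot: The comment above the changed lines still reads `# Set Data Directory` although the hunk now sets SecTmpDir as well, and both directives point at the same path, so temporary files and persistent data end up in one directory. Updating the comment to `# Set temporary and persistent data directories` would match what the lines do. If the packaging allows it, separate subdirectories (for example `SecTmpDir /var/lib/mod_security/tmp`, a constructed path) would let each carry its own permissions and cleanup policy.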
@@ -75,6 +76,7 @@ LoadModule unique_id_module modules/mod_unique_id.so
LF %{MULTIPART_LF_LINE}, \
SM %{MULTIPART_SEMICOLON_MISSING}, \
IQ %{MULTIPART_INVALID_QUOTING}, \
+ IQ %{MULTIPART_INVALID_PART}, \
IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
IH %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
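Review bot: The added line reuses the label `IQ`, which the line above already uses for MULTIPART_INVALID_QUOTING, so the logged message shows two `IQ` values and an analyst cannot tell which one reports the invalid part. A distinct label keeps the CVE-2012-4528 condition identifiable in the logs: `IP %{MULTIPART_INVALID_PART}, \`. The same ambiguity already exists for the two `IH` entries below it, which this commit does not touch.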
diff --git a/mod_security.spec b/mod_security.spec
index c8869f6..5755759 100644
--- a/mod_security.spec
+++ b/mod_security.spec
@@ -8,21 +8,22 @@
Summary: Security module for the Apache HTTP Server
Name: mod_security
Version: 2.6.8
-Release: 1%{?dist}
+Release: 2%{?dist}
License: ASL 2.0
URL: http://www.modsecurity.org/
Group: System Environment/Daemons
Source: http://www.modsecurity.org/download/modsecurity-apache_%{version}.tar.gz
Source1: mod_security.conf
+Patch0: mod_security-fix-cve-2012-4528.patch
Requires: httpd httpd-mmn = %{_httpd_mmn}
BuildRequires: httpd-devel libxml2-devel pcre-devel curl-devel lua-devel
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
%description
ModSecurity is an open source intrusion detection and prevention engine
for web applications. It operates embedded into the web server, acting
as a powerful umbrella - shielding web applications from attacks.
-%if 0%{?fedora}
%package -n mlogc
Summary: ModSecurity Audit Log Collector
Group: System Environment/Daemons
@@ -30,10 +31,10 @@ Requires: mod_security
%description -n mlogc
This package contains the ModSecurity Audit Log Collector.
-%endif
%prep
%setup -q -n modsecurity-apache_%{version}
+%patch0 -p1
%build
%configure --enable-pcre-match-limit=1000000 \
@@ -67,15 +68,14 @@ install -Dp -m0644 10-mod_security.conf %{buildroot}%{_httpd_modconfdir}/10-mod_
# 2.2-style
install -Dp -m0644 %{SOURCE1} %{buildroot}%{_httpd_confdir}/mod_security.conf
%endif
+install -m 700 -d %{buildroot}%{_localstatedir}/lib/%{name}
-%if 0%{?fedora}
# mlogc
install -d %{buildroot}%{_localstatedir}/log/mlogc
install -d %{buildroot}%{_localstatedir}/log/mlogc/data
install -m0755 mlogc/mlogc %{buildroot}%{_bindir}/mlogc
install -m0755 mlogc/mlogc-batch-load.pl %{buildroot}%{_bindir}/mlogc-batch-load
install -m0644 mlogc/mlogc-default.conf %{buildroot}%{_sysconfdir}/mlogc.conf
-%endif
%clean
rm -rf %{buildroot}
@@ -90,8 +90,8 @@ rm -rf %{buildroot}
%endif
%dir %{_sysconfdir}/httpd/modsecurity.d
%dir %{_sysconfdir}/httpd/modsecurity.d/activated_rules
+%attr(770,apache,root) %dir %{_localstatedir}/lib/%{name}
-%if 0%{?fedora}
%files -n mlogc
%defattr (-,root,root)
%doc mlogc/INSTALL
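Review bot: The new `%attr(770,apache,root) %dir %{_localstatedir}/lib/%{name}` disagrees with the `install -m 700 -d` line added in the %install hunk, so the mode written at build time is not the mode the package ships. The owner and group order is also the reverse of the mlogc data directory, which uses `%attr(0770,root,apache)`. Since this directory now holds SecTmpDir and SecDataDir content, pick one intended mode and state it in both places, e.g. `install -m 0770 -d ...` to match the %files entry, or `%attr(0700,apache,root)` if only the apache user needs access. A short comment above the %attr line saying who must write there would make the choice reviewable.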
@@ -100,9 +100,13 @@ rm -rf %{buildroot}
%attr(0770,root,apache) %dir %{_localstatedir}/log/mlogc/data
%attr(0755,root,root) %{_bindir}/mlogc
%attr(0755,root,root) %{_bindir}/mlogc-batch-load
-%endif
%changelog
+* Sat Nov 17 2012 Athmane Madjoudj <athmane at fedoraproject.org> 2.6.8-2
+- Add some missing directives RHBZ #569360
+- Backport the fix multipart/invalid part ruleset bypass issue (CVE-2012-4528)
+ (RHBZ #867424, #867773, #867774)
+
* Fri Sep 28 2012 Athmane Madjoudj <athmane at fedoraproject.org> 2.6.8-1
- Update to 2.6.8