[mod_security/f18] - Fix NULL pointer dereference (DoS, crash) (CVE-2013-2765) (RHBZ #967615) - Fix a possible memory l
Athmane Madjoudj
athmane at fedoraproject.org
Tue May 28 14:01:21 UTC 2013
commit a1c20bc8c66ed03870ed3d973a26d84c65f64e94
Author: Athmane Madjoudj <athmane at fedoraproject.org>
Date: Tue May 28 15:00:07 2013 +0100
- Fix NULL pointer dereference (DoS, crash) (CVE-2013-2765) (RHBZ #967615)
- Fix a possible memory leak
...rity-2.7.3-fix-mem-leak-and-cve-2013-2765.patch | 23 ++++++++++++++++++++
mod_security.spec | 8 ++++++-
2 files changed, 30 insertions(+), 1 deletions(-)
---
diff --git a/mod_security-2.7.3-fix-mem-leak-and-cve-2013-2765.patch b/mod_security-2.7.3-fix-mem-leak-and-cve-2013-2765.patch
new file mode 100644
index 0000000..3913668
--- /dev/null
+++ b/mod_security-2.7.3-fix-mem-leak-and-cve-2013-2765.patch
@@ -0,0 +1,23 @@
+diff -ru modsecurity-apache_2.7.3.orig/apache2/msc_reqbody.c modsecurity-apache_2.7.3/apache2/msc_reqbody.c
+--- modsecurity-apache_2.7.3.orig/apache2/msc_reqbody.c 2013-03-24 08:12:29.000000000 +0100
++++ modsecurity-apache_2.7.3/apache2/msc_reqbody.c 2013-05-28 14:48:39.063673996 +0100
+@@ -170,6 +170,7 @@
+
+ /* Would storing this chunk mean going over the limit? */
+ if ((msr->msc_reqbody_spilltodisk)
++ && (msr->txcfg->reqbody_buffering != REQUEST_BODY_FORCEBUF_ON)
+ && (msr->msc_reqbody_length + length > (apr_size_t)msr->txcfg->reqbody_inmemory_limit))
+ {
+ msc_data_chunk **chunks;
+diff -ru modsecurity-apache_2.7.3.orig/apache2/re_operators.c modsecurity-apache_2.7.3/apache2/re_operators.c
+--- modsecurity-apache_2.7.3.orig/apache2/re_operators.c 2013-03-24 08:12:29.000000000 +0100
++++ modsecurity-apache_2.7.3/apache2/re_operators.c 2013-05-28 14:49:30.448696404 +0100
+@@ -369,7 +369,7 @@
+ /* rsub */
+
+ static char *param_remove_escape(msre_rule *rule, char *str, int len) {
+- char *parm = apr_palloc(rule->ruleset->mp, len);
++ char *parm = apr_pcalloc(rule->ruleset->mp, len);
+ char *ret = parm;
+
+ for(;*str!='\0';str++) {
diff --git a/mod_security.spec b/mod_security.spec
index d467494..55679f7 100644
--- a/mod_security.spec
+++ b/mod_security.spec
@@ -10,13 +10,14 @@
Summary: Security module for the Apache HTTP Server
Name: mod_security
Version: 2.7.3
-Release: 1%{?dist}
+Release: 2%{?dist}
License: ASL 2.0
URL: http://www.modsecurity.org/
Group: System Environment/Daemons
Source: http://www.modsecurity.org/tarball/%{version}/modsecurity-apache_%{version}.tar.gz
Source1: mod_security.conf
Source2: 10-mod_security.conf
+Patch0: mod_security-2.7.3-fix-mem-leak-and-cve-2013-2765.patch
Requires: httpd httpd-mmn = %{_httpd_mmn}
BuildRequires: httpd-devel libxml2-devel pcre-devel curl-devel lua-devel
@@ -37,6 +38,7 @@ This package contains the ModSecurity Audit Log Collector.
%prep
%setup -q -n modsecurity-apache_%{version}
+%patch0 -p1
%build
%configure --enable-pcre-match-limit=1000000 \
@@ -107,6 +109,10 @@ rm -rf %{buildroot}
%endif
%changelog
+* Tue May 28 2013 Athmane Madjoudj <athmane at fedoraproject.org> 2.7.3-2
+- Fix NULL pointer dereference (DoS, crash) (CVE-2013-2765) (RHBZ #967615)
+- Fix a possible memory leak.
+
* Sat Mar 30 2013 Athmane Madjoudj <athmane at fedoraproject.org> 2.7.3-1
- Update to 2.7.3
More information about the scm-commits
mailing list