[mod_security/f18] - Fix NULL pointer dereference (DoS, crash) (CVE-2013-2765) (RHBZ #967615) - Fix a possible memory l

Athmane Madjoudj athmane at fedoraproject.org
Tue May 28 14:01:21 UTC 2013 

commit a1c20bc8c66ed03870ed3d973a26d84c65f64e94
Author: Athmane Madjoudj <athmane at fedoraproject.org>
Date:   Tue May 28 15:00:07 2013 +0100

    - Fix NULL pointer dereference (DoS, crash) (CVE-2013-2765) (RHBZ #967615)
    - Fix a possible memory leak

 ...rity-2.7.3-fix-mem-leak-and-cve-2013-2765.patch |   23 ++++++++++++++++++++
 mod_security.spec                                  |    8 ++++++-
 2 files changed, 30 insertions(+), 1 deletions(-)
---
diff --git a/mod_security-2.7.3-fix-mem-leak-and-cve-2013-2765.patch b/mod_security-2.7.3-fix-mem-leak-and-cve-2013-2765.patch
new file mode 100644
index 0000000..3913668
--- /dev/null
+++ b/mod_security-2.7.3-fix-mem-leak-and-cve-2013-2765.patch
@@ -0,0 +1,23 @@
+diff -ru modsecurity-apache_2.7.3.orig/apache2/msc_reqbody.c modsecurity-apache_2.7.3/apache2/msc_reqbody.c
+--- modsecurity-apache_2.7.3.orig/apache2/msc_reqbody.c	2013-03-24 08:12:29.000000000 +0100
++++ modsecurity-apache_2.7.3/apache2/msc_reqbody.c	2013-05-28 14:48:39.063673996 +0100
+@@ -170,6 +170,7 @@
+ 
+     /* Would storing this chunk mean going over the limit? */
+     if ((msr->msc_reqbody_spilltodisk)
++        && (msr->txcfg->reqbody_buffering != REQUEST_BODY_FORCEBUF_ON)
+         && (msr->msc_reqbody_length + length > (apr_size_t)msr->txcfg->reqbody_inmemory_limit))
+     {
+         msc_data_chunk **chunks;
+diff -ru modsecurity-apache_2.7.3.orig/apache2/re_operators.c modsecurity-apache_2.7.3/apache2/re_operators.c
+--- modsecurity-apache_2.7.3.orig/apache2/re_operators.c	2013-03-24 08:12:29.000000000 +0100
++++ modsecurity-apache_2.7.3/apache2/re_operators.c	2013-05-28 14:49:30.448696404 +0100
+@@ -369,7 +369,7 @@
+ /* rsub */
+ 
+ static char *param_remove_escape(msre_rule *rule, char *str, int len)  {
+-    char *parm = apr_palloc(rule->ruleset->mp, len);
++    char *parm = apr_pcalloc(rule->ruleset->mp, len);
+     char *ret = parm;
+ 
+     for(;*str!='\0';str++)    {
diff --git a/mod_security.spec b/mod_security.spec
index d467494..55679f7 100644
--- a/mod_security.spec
+++ b/mod_security.spec
@@ -10,13 +10,14 @@
 Summary: Security module for the Apache HTTP Server
 Name: mod_security 
 Version: 2.7.3
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: ASL 2.0
 URL: http://www.modsecurity.org/
 Group: System Environment/Daemons
 Source: http://www.modsecurity.org/tarball/%{version}/modsecurity-apache_%{version}.tar.gz
 Source1: mod_security.conf
 Source2: 10-mod_security.conf
+Patch0: mod_security-2.7.3-fix-mem-leak-and-cve-2013-2765.patch
 Requires: httpd httpd-mmn = %{_httpd_mmn}
 BuildRequires: httpd-devel libxml2-devel pcre-devel curl-devel lua-devel
 
@@ -37,6 +38,7 @@ This package contains the ModSecurity Audit Log Collector.
 
 %prep
 %setup -q -n modsecurity-apache_%{version}
+%patch0 -p1
 
 %build
 %configure --enable-pcre-match-limit=1000000 \
@@ -107,6 +109,10 @@ rm -rf %{buildroot}
 %endif
 
 %changelog
+* Tue May 28 2013 Athmane Madjoudj <athmane at fedoraproject.org> 2.7.3-2
+- Fix NULL pointer dereference (DoS, crash) (CVE-2013-2765) (RHBZ #967615)
+- Fix a possible memory leak.
+
 * Sat Mar 30 2013 Athmane Madjoudj <athmane at fedoraproject.org> 2.7.3-1
 - Update to 2.7.3

More information about the scm-commits mailing list