You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ji...@apache.org on 2014/12/02 13:50:59 UTC
svn commit: r1642861 - in /httpd/httpd/branches/2.4.x: ./ CHANGES STATUS
modules/lua/mod_lua.c
Author: jim
Date: Tue Dec 2 12:50:59 2014
New Revision: 1642861
URL: http://svn.apache.org/r1642861
Log:
Merge r1642499 from trunk:
*) SECURITY: CVE-2014-8109 (cve.mitre.org)
mod_lua: Fix handling of the Require line when a LuaAuthzProvider is
used in multiple Require directives with different arguments.
PR57204 [Edward Lu <Chaosed0 gmail.com>]
Submitted By: Edward Lu
Committed By: covener
Submitted by: covener
Reviewed/backported by: jim
Modified:
httpd/httpd/branches/2.4.x/ (props changed)
httpd/httpd/branches/2.4.x/CHANGES
httpd/httpd/branches/2.4.x/STATUS
httpd/httpd/branches/2.4.x/modules/lua/mod_lua.c
Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk:r1642499
Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1642861&r1=1642860&r2=1642861&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Tue Dec 2 12:50:59 2014
@@ -10,6 +10,11 @@ Changes with Apache 2.4.11
mod_cache: Avoid a crash when Content-Type has an empty value.
PR 56924. [Mark Montague <mark catseye.org>, Jan Kaluza]
+ *) SECURITY: CVE-2014-8109 (cve.mitre.org)
+ mod_lua: Fix handling of the Require line when a LuaAuthzProvider is
+ used in multiple Require directives with different arguments.
+ PR57204 [Edward Lu <Chaosed0 gmail.com>]
+
*) SECURITY: CVE-2013-5704 (cve.mitre.org)
core: HTTP trailers could be used to replace HTTP headers
late during request processing, potentially undoing or
Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1642861&r1=1642860&r2=1642861&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Tue Dec 2 12:50:59 2014
@@ -104,13 +104,6 @@ RELEASE SHOWSTOPPERS:
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- *) SECURITY: CVE-2014-8109 (cve.mitre.org)
- mod_lua: Fix handling of the Require line when a LuaAuthzProvider is
- used in multiple Require directives with different arguments.
- PR57204.
- trunk patch: http://svn.apache.org/r1642499
- 2.4.x patch: trunk works:
- +1 covener, ylavic, jim
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
Modified: httpd/httpd/branches/2.4.x/modules/lua/mod_lua.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/lua/mod_lua.c?rev=1642861&r1=1642860&r2=1642861&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/lua/mod_lua.c (original)
+++ httpd/httpd/branches/2.4.x/modules/lua/mod_lua.c Tue Dec 2 12:50:59 2014
@@ -66,9 +66,13 @@ typedef struct {
const char *file_name;
const char *function_name;
ap_lua_vm_spec *spec;
- apr_array_header_t *args;
} lua_authz_provider_spec;
+typedef struct {
+ lua_authz_provider_spec *spec;
+ apr_array_header_t *args;
+} lua_authz_provider_func;
+
apr_hash_t *lua_authz_providers;
typedef struct
@@ -1692,6 +1696,7 @@ static const char *lua_authz_parse(cmd_p
{
const char *provider_name;
lua_authz_provider_spec *spec;
+ lua_authz_provider_func *func = apr_pcalloc(cmd->pool, sizeof(lua_authz_provider_func));
apr_pool_userdata_get((void**)&provider_name, AUTHZ_PROVIDER_NAME_NOTE,
cmd->temp_pool);
@@ -1699,16 +1704,17 @@ static const char *lua_authz_parse(cmd_p
spec = apr_hash_get(lua_authz_providers, provider_name, APR_HASH_KEY_STRING);
ap_assert(spec != NULL);
+ func->spec = spec;
if (require_line && *require_line) {
const char *arg;
- spec->args = apr_array_make(cmd->pool, 2, sizeof(const char *));
+ func->args = apr_array_make(cmd->pool, 2, sizeof(const char *));
while ((arg = ap_getword_conf(cmd->pool, &require_line)) && *arg) {
- APR_ARRAY_PUSH(spec->args, const char *) = arg;
+ APR_ARRAY_PUSH(func->args, const char *) = arg;
}
}
- *parsed_require_line = spec;
+ *parsed_require_line = func;
return NULL;
}
@@ -1722,7 +1728,8 @@ static authz_status lua_authz_check(requ
&lua_module);
const ap_lua_dir_cfg *cfg = ap_get_module_config(r->per_dir_config,
&lua_module);
- const lua_authz_provider_spec *prov_spec = parsed_require_line;
+ const lua_authz_provider_func *prov_func = parsed_require_line;
+ const lua_authz_provider_spec *prov_spec = prov_func->spec;
int result;
int nargs = 0;
@@ -1744,19 +1751,19 @@ static authz_status lua_authz_check(requ
return AUTHZ_GENERAL_ERROR;
}
ap_lua_run_lua_request(L, r);
- if (prov_spec->args) {
+ if (prov_func->args) {
int i;
- if (!lua_checkstack(L, prov_spec->args->nelts)) {
+ if (!lua_checkstack(L, prov_func->args->nelts)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02315)
"Error: authz provider %s: too many arguments", prov_spec->name);
ap_lua_release_state(L, spec, r);
return AUTHZ_GENERAL_ERROR;
}
- for (i = 0; i < prov_spec->args->nelts; i++) {
- const char *arg = APR_ARRAY_IDX(prov_spec->args, i, const char *);
+ for (i = 0; i < prov_func->args->nelts; i++) {
+ const char *arg = APR_ARRAY_IDX(prov_func->args, i, const char *);
lua_pushstring(L, arg);
}
- nargs = prov_spec->args->nelts;
+ nargs = prov_func->args->nelts;
}
if (lua_pcall(L, 1 + nargs, 1, 0)) {
const char *err = lua_tostring(L, -1);