www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-08 15:02:10 +03:00
Code Activity

*) SECURITY: CVE-2014-8109 (cve.mitre.org)

Browse Source 
mod_lua: Fix handling of the Require line when a LuaAuthzProvider is
     used in multiple Require directives with different arguments.
     PR57204 [Edward Lu <Chaosed0 gmail.com>]

Submitted By: Edward Lu
Committed By: covener



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1642499 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Eric Covener
2014-11-30 01:41:26 +00:00
parent 838b88e3d0
commit 38535f55b1
2 changed files with 22 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGES
View File

@@ -5,6 +5,11 @@ Changes with Apache 2.5.0
mod_proxy_fcgi: Fix a potential crash with response headers' size above mod_proxy_fcgi: Fix a potential crash with response headers' size above
8K. [Teguh <chain rop.io>, Yann Ylavic, Jeff Trawick] 8K. [Teguh <chain rop.io>, Yann Ylavic, Jeff Trawick]
*) SECURITY: CVE-2014-8109 (cve.mitre.org)
mod_lua: Fix handling of the Require line when a LuaAuthzProvider is
used in multiple Require directives with different arguments.
PR57204 [Edward Lu <Chaosed0 gmail.com>]
*) mod_rewrite: Improve relative substitutions in per-directory/htaccess *) mod_rewrite: Improve relative substitutions in per-directory/htaccess
context for directories found by mod_userdir and mod_alias. These no context for directories found by mod_userdir and mod_alias. These no
loner require RewriteBase to be specified. [Eric Covener] loner require RewriteBase to be specified. [Eric Covener]

27
modules/lua/mod_lua.c
View File

@@ -66,9 +66,13 @@ typedef struct {
const char *file_name; const char *file_name;
const char *function_name; const char *function_name;
ap_lua_vm_spec *spec; ap_lua_vm_spec *spec;
apr_array_header_t *args;
} lua_authz_provider_spec; } lua_authz_provider_spec;
typedef struct {
lua_authz_provider_spec *spec;
apr_array_header_t *args;
} lua_authz_provider_func;
apr_hash_t *lua_authz_providers; apr_hash_t *lua_authz_providers;
typedef struct typedef struct
@@ -1692,6 +1696,7 @@ static const char *lua_authz_parse(cmd_parms *cmd, const char *require_line,
{ {
const char *provider_name; const char *provider_name;
lua_authz_provider_spec *spec; lua_authz_provider_spec *spec;
lua_authz_provider_func *func = apr_pcalloc(cmd->pool, sizeof(lua_authz_provider_func));
apr_pool_userdata_get((void**)&provider_name, AUTHZ_PROVIDER_NAME_NOTE, apr_pool_userdata_get((void**)&provider_name, AUTHZ_PROVIDER_NAME_NOTE,
cmd->temp_pool); cmd->temp_pool);
@@ -1699,16 +1704,17 @@ static const char *lua_authz_parse(cmd_parms *cmd, const char *require_line,
spec = apr_hash_get(lua_authz_providers, provider_name, APR_HASH_KEY_STRING); spec = apr_hash_get(lua_authz_providers, provider_name, APR_HASH_KEY_STRING);
ap_assert(spec != NULL); ap_assert(spec != NULL);
func->spec = spec;
if (require_line && *require_line) { if (require_line && *require_line) {
const char *arg; const char *arg;
spec->args = apr_array_make(cmd->pool, 2, sizeof(const char *)); func->args = apr_array_make(cmd->pool, 2, sizeof(const char *));
while ((arg = ap_getword_conf(cmd->pool, &require_line)) && *arg) { while ((arg = ap_getword_conf(cmd->pool, &require_line)) && *arg) {
APR_ARRAY_PUSH(spec->args, const char *) = arg; APR_ARRAY_PUSH(func->args, const char *) = arg;
} }
} }
*parsed_require_line = spec; *parsed_require_line = func;
return NULL; return NULL;
} }
@@ -1722,7 +1728,8 @@ static authz_status lua_authz_check(request_rec *r, const char *require_line,
&lua_module); &lua_module);
const ap_lua_dir_cfg *cfg = ap_get_module_config(r->per_dir_config, const ap_lua_dir_cfg *cfg = ap_get_module_config(r->per_dir_config,
&lua_module); &lua_module);
const lua_authz_provider_spec *prov_spec = parsed_require_line; const lua_authz_provider_func *prov_func = parsed_require_line;
const lua_authz_provider_spec *prov_spec = prov_func->spec;
int result; int result;
int nargs = 0; int nargs = 0;
@@ -1744,19 +1751,19 @@ static authz_status lua_authz_check(request_rec *r, const char *require_line,
return AUTHZ_GENERAL_ERROR; return AUTHZ_GENERAL_ERROR;
} }
ap_lua_run_lua_request(L, r); ap_lua_run_lua_request(L, r);
if (prov_spec->args) { if (prov_func->args) {
int i; int i;
if (!lua_checkstack(L, prov_spec->args->nelts)) { if (!lua_checkstack(L, prov_func->args->nelts)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02315) ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02315)
"Error: authz provider %s: too many arguments", prov_spec->name); "Error: authz provider %s: too many arguments", prov_spec->name);
ap_lua_release_state(L, spec, r); ap_lua_release_state(L, spec, r);
return AUTHZ_GENERAL_ERROR; return AUTHZ_GENERAL_ERROR;
} }
for (i = 0; i < prov_spec->args->nelts; i++) { for (i = 0; i < prov_func->args->nelts; i++) {
const char *arg = APR_ARRAY_IDX(prov_spec->args, i, const char *); const char *arg = APR_ARRAY_IDX(prov_func->args, i, const char *);
lua_pushstring(L, arg); lua_pushstring(L, arg);
} }
nargs = prov_spec->args->nelts; nargs = prov_func->args->nelts;
} }
if (lua_pcall(L, 1 + nargs, 1, 0)) { if (lua_pcall(L, 1 + nargs, 1, 0)) {
const char *err = lua_tostring(L, -1); const char *err = lua_tostring(L, -1);