Fix CVE-2022-23959
This commit is contained in:
starlet-dx
parent
32c4819dad
commit
166735f758
28
CVE-2022-23959.patch
Normal file
28
CVE-2022-23959.patch
Normal file
@ -0,0 +1,28 @@
|
||||
From fceaefd4d59a3b5d5a4903a3f420e35eb430d0d4 Mon Sep 17 00:00:00 2001
|
||||
From: Martin Blix Grydeland <martin@varnish-software.com>
|
||||
Date: Fri, 17 Dec 2021 22:10:16 +0100
|
||||
Subject: [PATCH] Mark req doclose when failing to ignore req body
|
||||
|
||||
Previously we would ignore errors to iterate the request body into
|
||||
oblivion in VRB_Ignore(), keeping the connection open. This opens an
|
||||
out-of-sync vulnerability on H/1 connections.
|
||||
|
||||
This patch tests the status of the request body in VRB_Ignore(), marking
|
||||
the request failed and that it should be closed on errors.
|
||||
---
|
||||
bin/varnishd/cache/cache_req_body.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/bin/varnishd/cache/cache_req_body.c b/bin/varnishd/cache/cache_req_body.c
|
||||
index 6391f928d6..5ffd08b77d 100644
|
||||
--- a/bin/varnishd/cache/cache_req_body.c
|
||||
+++ b/bin/varnishd/cache/cache_req_body.c
|
||||
@@ -254,6 +254,8 @@ VRB_Ignore(struct req *req)
|
||||
if (req->req_body_status->avail > 0)
|
||||
(void)VRB_Iterate(req->wrk, req->vsl, req,
|
||||
httpq_req_body_discard, NULL);
|
||||
+ if (req->req_body_status == BS_ERROR)
|
||||
+ req->doclose = SC_RX_BODY;
|
||||
return (0);
|
||||
}
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
Name: varnish
|
||||
Summary: A web application accelerator
|
||||
Version: 7.0.1
|
||||
Release: 2
|
||||
Release: 3
|
||||
License: BSD
|
||||
URL: https://www.varnish-cache.org/
|
||||
Source0: http://varnish-cache.org/_downloads/varnish-%{version}.tgz
|
||||
@ -11,6 +11,8 @@ Source0: http://varnish-cache.org/_downloads/varnish-%{version}.tgz
|
||||
# https://github.com/varnishcache/pkg-varnish-cache
|
||||
Source1: https://github.com/varnishcache/pkg-varnish-cache/archive/0ad2f22629c4a368959c423a19e352c9c6c79682/pkg-varnish-cache-0ad2f22.tar.gz
|
||||
Patch0001: fix-varnish-devel-installation-failure.patch
|
||||
#https://github.com/varnishcache/varnish-cache/commit/fceaefd4d59a3b5d5a4903a3f420e35eb430d0d4
|
||||
Patch0002: CVE-2022-23959.patch
|
||||
|
||||
BuildRequires: python3-sphinx python3-docutils pkgconfig make graphviz nghttp2 systemd-units
|
||||
BuildRequires: ncurses-devel pcre2-devel libedit-devel gcc
|
||||
@ -158,6 +160,9 @@ test -f /etc/varnish/secret || (uuidgen > /etc/varnish/secret && chmod 0600 /etc
|
||||
%{_mandir}/man7/*.7*
|
||||
|
||||
%changelog
|
||||
* Tue Apr 26 2022 yaoxin <yaoxin30@h-partners.com> - 7.0.1-3
|
||||
- Fix CVE-2022-23959
|
||||
|
||||
* Fri Jan 21 2021 wulei <wulei80@huawei.com> - 7.0.1-2
|
||||
- Fix varnish-devel installation failure
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user