Fix CVE-2022-23959
This commit is contained in:
starlet-dx
parent
32c4819dad
commit
166735f758
28
CVE-2022-23959.patch
Normal file
28
CVE-2022-23959.patch
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
From fceaefd4d59a3b5d5a4903a3f420e35eb430d0d4 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Martin Blix Grydeland <martin@varnish-software.com>
|
||||||
|
Date: Fri, 17 Dec 2021 22:10:16 +0100
|
||||||
|
Subject: [PATCH] Mark req doclose when failing to ignore req body
|
||||||
|
|
||||||
|
Previously we would ignore errors to iterate the request body into
|
||||||
|
oblivion in VRB_Ignore(), keeping the connection open. This opens an
|
||||||
|
out-of-sync vulnerability on H/1 connections.
|
||||||
|
|
||||||
|
This patch tests the status of the request body in VRB_Ignore(), marking
|
||||||
|
the request failed and that it should be closed on errors.
|
||||||
|
---
|
||||||
|
bin/varnishd/cache/cache_req_body.c | 2 ++
|
||||||
|
1 file changed, 2 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/bin/varnishd/cache/cache_req_body.c b/bin/varnishd/cache/cache_req_body.c
|
||||||
|
index 6391f928d6..5ffd08b77d 100644
|
||||||
|
--- a/bin/varnishd/cache/cache_req_body.c
|
||||||
|
+++ b/bin/varnishd/cache/cache_req_body.c
|
||||||
|
@@ -254,6 +254,8 @@ VRB_Ignore(struct req *req)
|
||||||
|
if (req->req_body_status->avail > 0)
|
||||||
|
(void)VRB_Iterate(req->wrk, req->vsl, req,
|
||||||
|
httpq_req_body_discard, NULL);
|
||||||
|
+ if (req->req_body_status == BS_ERROR)
|
||||||
|
+ req->doclose = SC_RX_BODY;
|
||||||
|
return (0);
|
||||||
|
}
|
||||||
|
|
||||||
@ -3,7 +3,7 @@
|
|||||||
Name: varnish
|
Name: varnish
|
||||||
Summary: A web application accelerator
|
Summary: A web application accelerator
|
||||||
Version: 7.0.1
|
Version: 7.0.1
|
||||||
Release: 2
|
Release: 3
|
||||||
License: BSD
|
License: BSD
|
||||||
URL: https://www.varnish-cache.org/
|
URL: https://www.varnish-cache.org/
|
||||||
Source0: http://varnish-cache.org/_downloads/varnish-%{version}.tgz
|
Source0: http://varnish-cache.org/_downloads/varnish-%{version}.tgz
|
||||||
@ -11,6 +11,8 @@ Source0: http://varnish-cache.org/_downloads/varnish-%{version}.tgz
|
|||||||
# https://github.com/varnishcache/pkg-varnish-cache
|
# https://github.com/varnishcache/pkg-varnish-cache
|
||||||
Source1: https://github.com/varnishcache/pkg-varnish-cache/archive/0ad2f22629c4a368959c423a19e352c9c6c79682/pkg-varnish-cache-0ad2f22.tar.gz
|
Source1: https://github.com/varnishcache/pkg-varnish-cache/archive/0ad2f22629c4a368959c423a19e352c9c6c79682/pkg-varnish-cache-0ad2f22.tar.gz
|
||||||
Patch0001: fix-varnish-devel-installation-failure.patch
|
Patch0001: fix-varnish-devel-installation-failure.patch
|
||||||
|
#https://github.com/varnishcache/varnish-cache/commit/fceaefd4d59a3b5d5a4903a3f420e35eb430d0d4
|
||||||
|
Patch0002: CVE-2022-23959.patch
|
||||||
|
|
||||||
BuildRequires: python3-sphinx python3-docutils pkgconfig make graphviz nghttp2 systemd-units
|
BuildRequires: python3-sphinx python3-docutils pkgconfig make graphviz nghttp2 systemd-units
|
||||||
BuildRequires: ncurses-devel pcre2-devel libedit-devel gcc
|
BuildRequires: ncurses-devel pcre2-devel libedit-devel gcc
|
||||||
@ -158,6 +160,9 @@ test -f /etc/varnish/secret || (uuidgen > /etc/varnish/secret && chmod 0600 /etc
|
|||||||
%{_mandir}/man7/*.7*
|
%{_mandir}/man7/*.7*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Apr 26 2022 yaoxin <yaoxin30@h-partners.com> - 7.0.1-3
|
||||||
|
- Fix CVE-2022-23959
|
||||||
|
|
||||||
* Fri Jan 21 2021 wulei <wulei80@huawei.com> - 7.0.1-2
|
* Fri Jan 21 2021 wulei <wulei80@huawei.com> - 7.0.1-2
|
||||||
- Fix varnish-devel installation failure
|
- Fix varnish-devel installation failure
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user