File apache2-CVE-2020-1927.patch of Package apache2.33764

Overview Repositories Revisions Requests Users Attributes Meta

File apache2-CVE-2020-1927.patch of Package apache2.33764

Index: httpd-2.4.33/include/ap_regex.h
===================================================================
--- httpd-2.4.33.orig/include/ap_regex.h	2018-02-21 15:56:38.000000000 +0100
+++ httpd-2.4.33/include/ap_regex.h	2020-04-06 13:30:58.042429573 +0200
@@ -84,7 +84,11 @@ extern "C" {
 
 #define AP_REG_DOLLAR_ENDONLY 0x200 /* '$' matches at end of subject string only */
 
-#define AP_REG_MATCH "MATCH_" /** suggested prefix for ap_regname */
+#define AP_REG_NO_DEFAULT 0x400 /**< Don't implicitely add AP_REG_DEFAULT options */
+
+#define AP_REG_MATCH "MATCH_" /**< suggested prefix for ap_regname */
+
+#define AP_REG_DEFAULT (AP_REG_DOTALL|AP_REG_DOLLAR_ENDONLY)
 
 /* Error values: */
 enum {
Index: httpd-2.4.33/modules/filters/mod_substitute.c
===================================================================
--- httpd-2.4.33.orig/modules/filters/mod_substitute.c	2017-05-11 19:09:35.000000000 +0200
+++ httpd-2.4.33/modules/filters/mod_substitute.c	2020-04-06 13:28:38.393732798 +0200
@@ -635,8 +635,10 @@ static const char *set_pattern(cmd_parms
 
     /* first see if we can compile the regex */
     if (!is_pattern) {
-        r = ap_pregcomp(cmd->pool, from, AP_REG_EXTENDED |
-                        (ignore_case ? AP_REG_ICASE : 0));
+        int flags = AP_REG_NO_DEFAULT
+                    | (ap_regcomp_get_default_cflags() & AP_REG_DOLLAR_ENDONLY)
+                    | (ignore_case ? AP_REG_ICASE : 0);
+        r = ap_pregcomp(cmd->pool, from, flags);
         if (!r)
             return "Substitute could not compile regex";
     }
Index: httpd-2.4.33/server/util_pcre.c
===================================================================
--- httpd-2.4.33.orig/server/util_pcre.c	2020-04-06 13:28:38.337732519 +0200
+++ httpd-2.4.33/server/util_pcre.c	2020-04-06 13:30:58.046429593 +0200
@@ -120,8 +120,7 @@ AP_DECLARE(void) ap_regfree(ap_regex_t *
  *            Compile a regular expression       *
  *************************************************/
 
-static int default_cflags = AP_REG_DOTALL |
-                            AP_REG_DOLLAR_ENDONLY;
+static int default_cflags = AP_REG_DEFAULT;
 
 AP_DECLARE(int) ap_regcomp_get_default_cflags(void)
 {
@@ -169,7 +168,9 @@ AP_DECLARE(int) ap_regcomp(ap_regex_t *
     int errcode = 0;
     int options = PCRE_DUPNAMES;
 
-    cflags |= default_cflags;
+    if ((cflags & AP_REG_NO_DEFAULT) == 0)
+        cflags |= default_cflags;
+
     if ((cflags & AP_REG_ICASE) != 0)
         options |= PCRE_CASELESS;
     if ((cflags & AP_REG_NEWLINE) != 0)
Index: httpd-2.4.33/server/util_regex.c
===================================================================
--- httpd-2.4.33.orig/server/util_regex.c	2016-01-19 13:56:11.000000000 +0100
+++ httpd-2.4.33/server/util_regex.c	2020-04-06 13:28:38.393732798 +0200
@@ -94,6 +94,7 @@ AP_DECLARE(ap_rxplus_t*) ap_rxplus_compi
     }
 
     /* anything after the current delimiter is flags */
+    ret->flags = ap_regcomp_get_default_cflags() & AP_REG_DOLLAR_ENDONLY;
     while (*++endp) {
         switch (*endp) {
         case 'i': ret->flags |= AP_REG_ICASE; break;
@@ -106,7 +107,7 @@ AP_DECLARE(ap_rxplus_t*) ap_rxplus_compi
         default: break; /* we should probably be stricter here */
         }
     }
-    if (ap_regcomp(&ret->rx, rxstr, ret->flags) == 0) {
+    if (ap_regcomp(&ret->rx, rxstr, AP_REG_NO_DEFAULT | ret->flags) == 0) {
         apr_pool_cleanup_register(pool, &ret->rx, rxplus_cleanup,
                                   apr_pool_cleanup_null);
     }

Places

File apache2-CVE-2020-1927.patch of Package apache2.33764

Places