Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP4:GA
apache2.34448
apache2-CVE-2022-23943.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File apache2-CVE-2022-23943.patch of Package apache2.34448
Index: httpd-2.4.23/modules/filters/libsed.h =================================================================== --- httpd-2.4.23.orig/modules/filters/libsed.h +++ httpd-2.4.23/modules/filters/libsed.h @@ -60,7 +60,7 @@ struct sed_label_s { }; typedef apr_status_t (sed_err_fn_t)(void *data, const char *error); -typedef apr_status_t (sed_write_fn_t)(void *ctx, char *buf, int sz); +typedef apr_status_t (sed_write_fn_t)(void *ctx, char *buf, apr_size_t sz); typedef struct sed_commands_s sed_commands_t; #define NWFILES 11 /* 10 plus one for standard output */ @@ -69,7 +69,7 @@ struct sed_commands_s { sed_err_fn_t *errfn; void *data; - unsigned lsize; + apr_size_t lsize; char *linebuf; char *lbend; const char *saveq; @@ -116,15 +116,15 @@ struct sed_eval_s { apr_int64_t lnum; void *fout; - unsigned lsize; + apr_size_t lsize; char *linebuf; char *lspend; - unsigned hsize; + apr_size_t hsize; char *holdbuf; char *hspend; - unsigned gsize; + apr_size_t gsize; char *genbuf; char *lcomend; @@ -160,7 +160,7 @@ apr_status_t sed_init_eval(sed_eval_t *e sed_err_fn_t *errfn, void *data, sed_write_fn_t *writefn, apr_pool_t *p); apr_status_t sed_reset_eval(sed_eval_t *eval, sed_commands_t *commands, sed_err_fn_t *errfn, void *data); -apr_status_t sed_eval_buffer(sed_eval_t *eval, const char *buf, int bufsz, void *fout); +apr_status_t sed_eval_buffer(sed_eval_t *eval, const char *buf, apr_size_t bufsz, void *fout); apr_status_t sed_eval_file(sed_eval_t *eval, apr_file_t *fin, void *fout); apr_status_t sed_finalize_eval(sed_eval_t *eval, void *f); void sed_destroy_eval(sed_eval_t *eval); Index: httpd-2.4.23/modules/filters/mod_sed.c =================================================================== --- httpd-2.4.23.orig/modules/filters/mod_sed.c +++ httpd-2.4.23/modules/filters/mod_sed.c @@ -51,7 +51,7 @@ typedef struct sed_filter_ctxt apr_bucket_brigade *bbinp; char *outbuf; char *curoutbuf; - int bufsize; + apr_size_t bufsize; apr_pool_t *tpool; int numbuckets; } sed_filter_ctxt; @@ -100,7 +100,7 @@ static void alloc_outbuf(sed_filter_ctxt /* append_bucket * Allocate a new bucket from buf and sz and append to ctx->bb */ -static apr_status_t append_bucket(sed_filter_ctxt* ctx, char* buf, int sz) +static apr_status_t append_bucket(sed_filter_ctxt* ctx, char* buf, apr_size_t sz) { apr_status_t status = APR_SUCCESS; apr_bucket *b; @@ -133,7 +133,7 @@ static apr_status_t append_bucket(sed_fi */ static apr_status_t flush_output_buffer(sed_filter_ctxt *ctx) { - int size = ctx->curoutbuf - ctx->outbuf; + apr_size_t size = ctx->curoutbuf - ctx->outbuf; char *out; apr_status_t status = APR_SUCCESS; if ((ctx->outbuf == NULL) || (size <=0)) @@ -147,12 +147,12 @@ static apr_status_t flush_output_buffer( /* This is a call back function. When libsed wants to generate the output, * this function will be invoked. */ -static apr_status_t sed_write_output(void *dummy, char *buf, int sz) +static apr_status_t sed_write_output(void *dummy, char *buf, apr_size_t sz) { /* dummy is basically filter context. Context is passed during invocation * of sed_eval_buffer */ - int remainbytes = 0; + apr_size_t remainbytes = 0; apr_status_t status = APR_SUCCESS; sed_filter_ctxt *ctx = (sed_filter_ctxt *) dummy; if (ctx->outbuf == NULL) { Index: httpd-2.4.23/modules/filters/sed1.c =================================================================== --- httpd-2.4.23.orig/modules/filters/sed1.c +++ httpd-2.4.23/modules/filters/sed1.c @@ -71,7 +71,7 @@ static apr_status_t dosub(sed_eval_t *ev static char *place(sed_eval_t *eval, char *asp, char *al1, char *al2); static apr_status_t command(sed_eval_t *eval, sed_reptr_t *ipc, step_vars_storage *step_vars); -static apr_status_t wline(sed_eval_t *eval, char *buf, int sz); +static apr_status_t wline(sed_eval_t *eval, char *buf, apr_size_t sz); static apr_status_t arout(sed_eval_t *eval); static void eval_errf(sed_eval_t *eval, const char *fmt, ...) @@ -92,11 +92,11 @@ static void eval_errf(sed_eval_t *eval, * grow_buffer */ static void grow_buffer(apr_pool_t *pool, char **buffer, - char **spend, unsigned int *cursize, - unsigned int newsize) + char **spend, apr_size_t *cursize, + apr_size_t newsize) { char* newbuffer = NULL; - int spendsize = 0; + apr_size_t spendsize = 0; if (*cursize >= newsize) return; /* Avoid number of times realloc is called. It could cause huge memory @@ -124,7 +124,7 @@ static void grow_buffer(apr_pool_t *pool /* * grow_line_buffer */ -static void grow_line_buffer(sed_eval_t *eval, int newsize) +static void grow_line_buffer(sed_eval_t *eval, apr_size_t newsize) { grow_buffer(eval->pool, &eval->linebuf, &eval->lspend, &eval->lsize, newsize); @@ -133,7 +133,7 @@ static void grow_line_buffer(sed_eval_t /* * grow_hold_buffer */ -static void grow_hold_buffer(sed_eval_t *eval, int newsize) +static void grow_hold_buffer(sed_eval_t *eval, apr_size_t newsize) { grow_buffer(eval->pool, &eval->holdbuf, &eval->hspend, &eval->hsize, newsize); @@ -142,7 +142,7 @@ static void grow_hold_buffer(sed_eval_t /* * grow_gen_buffer */ -static void grow_gen_buffer(sed_eval_t *eval, int newsize, +static void grow_gen_buffer(sed_eval_t *eval, apr_size_t newsize, char **gspend) { if (gspend == NULL) { @@ -156,9 +156,9 @@ static void grow_gen_buffer(sed_eval_t * /* * appendmem_to_linebuf */ -static void appendmem_to_linebuf(sed_eval_t *eval, const char* sz, int len) +static void appendmem_to_linebuf(sed_eval_t *eval, const char* sz, apr_size_t len) { - unsigned int reqsize = (eval->lspend - eval->linebuf) + len; + apr_size_t reqsize = (eval->lspend - eval->linebuf) + len; if (eval->lsize < reqsize) { grow_line_buffer(eval, reqsize); } @@ -169,21 +169,36 @@ static void appendmem_to_linebuf(sed_eva /* * append_to_linebuf */ -static void append_to_linebuf(sed_eval_t *eval, const char* sz) +static void append_to_linebuf(sed_eval_t *eval, const char* sz, + step_vars_storage *step_vars) { - int len = strlen(sz); + apr_size_t len = strlen(sz); + char *old_linebuf = eval->linebuf; /* Copy string including null character */ appendmem_to_linebuf(eval, sz, len + 1); --eval->lspend; /* lspend will now point to NULL character */ + /* Sync step_vars after a possible linebuf expansion */ + if (step_vars && old_linebuf != eval->linebuf) { + if (step_vars->loc1) { + step_vars->loc1 = step_vars->loc1 - old_linebuf + eval->linebuf; + } + if (step_vars->loc2) { + step_vars->loc2 = step_vars->loc2 - old_linebuf + eval->linebuf; + } + if (step_vars->locs) { + step_vars->locs = step_vars->locs - old_linebuf + eval->linebuf; + } + } } /* * copy_to_linebuf */ -static void copy_to_linebuf(sed_eval_t *eval, const char* sz) +static void copy_to_linebuf(sed_eval_t *eval, const char* sz, + step_vars_storage *step_vars) { eval->lspend = eval->linebuf; - append_to_linebuf(eval, sz); + append_to_linebuf(eval, sz, step_vars); } /* @@ -191,8 +206,8 @@ static void copy_to_linebuf(sed_eval_t * */ static void append_to_holdbuf(sed_eval_t *eval, const char* sz) { - int len = strlen(sz); - unsigned int reqsize = (eval->hspend - eval->holdbuf) + len + 1; + apr_size_t len = strlen(sz); + apr_size_t reqsize = (eval->hspend - eval->holdbuf) + len + 1; if (eval->hsize <= reqsize) { grow_hold_buffer(eval, reqsize); } @@ -215,8 +230,8 @@ static void copy_to_holdbuf(sed_eval_t * */ static void append_to_genbuf(sed_eval_t *eval, const char* sz, char **gspend) { - int len = strlen(sz); - unsigned int reqsize = (*gspend - eval->genbuf) + len + 1; + apr_size_t len = strlen(sz); + apr_size_t reqsize = (*gspend - eval->genbuf) + len + 1; if (eval->gsize < reqsize) { grow_gen_buffer(eval, reqsize, gspend); } @@ -230,8 +245,8 @@ static void append_to_genbuf(sed_eval_t */ static void copy_to_genbuf(sed_eval_t *eval, const char* sz) { - int len = strlen(sz); - unsigned int reqsize = len + 1; + apr_size_t len = strlen(sz); + apr_size_t reqsize = len + 1; if (eval->gsize < reqsize) { grow_gen_buffer(eval, reqsize, NULL); } @@ -353,7 +368,7 @@ apr_status_t sed_eval_file(sed_eval_t *e /* * sed_eval_buffer */ -apr_status_t sed_eval_buffer(sed_eval_t *eval, const char *buf, int bufsz, void *fout) +apr_status_t sed_eval_buffer(sed_eval_t *eval, const char *buf, apr_size_t bufsz, void *fout) { apr_status_t rv; @@ -383,7 +398,7 @@ apr_status_t sed_eval_buffer(sed_eval_t while (bufsz) { char *n; - int llen; + apr_size_t llen; n = memchr(buf, '\n', bufsz); if (n == NULL) @@ -442,7 +457,7 @@ apr_status_t sed_finalize_eval(sed_eval_ * buffer is not a newline. */ /* Assure space for NULL */ - append_to_linebuf(eval, ""); + append_to_linebuf(eval, "", NULL); } *eval->lspend = '\0'; @@ -666,7 +681,7 @@ static apr_status_t dosub(sed_eval_t *ev lp = step_vars->loc2; step_vars->loc2 = sp - eval->genbuf + eval->linebuf; append_to_genbuf(eval, lp, &sp); - copy_to_linebuf(eval, eval->genbuf); + copy_to_linebuf(eval, eval->genbuf, step_vars); return rv; } @@ -676,8 +691,8 @@ static apr_status_t dosub(sed_eval_t *ev static char *place(sed_eval_t *eval, char *asp, char *al1, char *al2) { char *sp = asp; - int n = al2 - al1; - unsigned int reqsize = (sp - eval->genbuf) + n + 1; + apr_size_t n = al2 - al1; + apr_size_t reqsize = (sp - eval->genbuf) + n + 1; if (eval->gsize < reqsize) { grow_gen_buffer(eval, reqsize, &sp); @@ -733,7 +748,7 @@ static apr_status_t command(sed_eval_t * } p1++; - copy_to_linebuf(eval, p1); + copy_to_linebuf(eval, p1, step_vars); eval->jflag++; break; @@ -743,12 +758,12 @@ static apr_status_t command(sed_eval_t * break; case GCOM: - copy_to_linebuf(eval, eval->holdbuf); + copy_to_linebuf(eval, eval->holdbuf, step_vars); break; case CGCOM: - append_to_linebuf(eval, "\n"); - append_to_linebuf(eval, eval->holdbuf); + append_to_linebuf(eval, "\n", step_vars); + append_to_linebuf(eval, eval->holdbuf, step_vars); break; case HCOM: @@ -879,7 +894,7 @@ static apr_status_t command(sed_eval_t * if (rv != APR_SUCCESS) return rv; } - append_to_linebuf(eval, "\n"); + append_to_linebuf(eval, "\n", step_vars); eval->pending = ipc->next; break; @@ -951,7 +966,7 @@ static apr_status_t command(sed_eval_t * break; case XCOM: copy_to_genbuf(eval, eval->linebuf); - copy_to_linebuf(eval, eval->holdbuf); + copy_to_linebuf(eval, eval->holdbuf, step_vars); copy_to_holdbuf(eval, eval->genbuf); break; @@ -1008,7 +1023,7 @@ static apr_status_t arout(sed_eval_t *ev /* * wline */ -static apr_status_t wline(sed_eval_t *eval, char *buf, int sz) +static apr_status_t wline(sed_eval_t *eval, char *buf, apr_size_t sz) { apr_status_t rv = APR_SUCCESS; rv = eval->writefn(eval->fout, buf, sz); diff --git a/modules/filters/mod_sed.c b/modules/filters/mod_sed.c index 7092dd5e7f1..4bdb4ce33ae 100644 --- a/modules/filters/mod_sed.c +++ b/modules/filters/mod_sed.c @@ -168,21 +168,29 @@ static apr_status_t sed_write_output(void *dummy, char *buf, apr_size_t sz) } /* buffer is now full */ status = append_bucket(ctx, ctx->outbuf, ctx->bufsize); - /* old buffer is now used so allocate new buffer */ - alloc_outbuf(ctx); - /* if size is bigger than the allocated buffer directly add to output - * brigade */ - if ((status == APR_SUCCESS) && (sz >= ctx->bufsize)) { - char* newbuf = apr_pmemdup(ctx->tpool, buf, sz); - status = append_bucket(ctx, newbuf, sz); - /* pool might get clear after append_bucket */ - if (ctx->outbuf == NULL) { + if (status == APR_SUCCESS) { + /* if size is bigger than the allocated buffer directly add to output + * brigade */ + if (sz >= ctx->bufsize) { + char* newbuf = apr_pmemdup(ctx->tpool, buf, sz); + status = append_bucket(ctx, newbuf, sz); + if (status == APR_SUCCESS) { + /* old buffer is now used so allocate new buffer */ + alloc_outbuf(ctx); + } + else { + clear_ctxpool(ctx); + } + } + else { + /* old buffer is now used so allocate new buffer */ alloc_outbuf(ctx); + memcpy(ctx->curoutbuf, buf, sz); + ctx->curoutbuf += sz; } } else { - memcpy(ctx->curoutbuf, buf, sz); - ctx->curoutbuf += sz; + clear_ctxpool(ctx); } } else {
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor