File fix-CVE-2023-24021.patch of Package apache2-mod_security2

Overview Repositories Revisions Requests Users Attributes Meta

File fix-CVE-2023-24021.patch of Package apache2-mod_security2

From 4324f0ac59f8225aa44bc5034df60dbeccd1d334 Mon Sep 17 00:00:00 2001
From: Martin Vierula <martin.vierula@trustwave.com>
Date: Wed, 4 Jan 2023 11:34:11 -0800
Subject: [PATCH] Fix: FILES_TMP_CONTENT may sometimes lack complete content

---
 CHANGES                |  2 ++
 apache2/re_variables.c | 26 ++++++++++++++++----------
 2 files changed, 18 insertions(+), 10 deletions(-)

diff --git a/apache2/re_variables.c b/apache2/re_variables.c
index 12a0a5620..a53140b2c 100644
--- a/apache2/re_variables.c
+++ b/apache2/re_variables.c
@@ -1173,6 +1173,7 @@ static int var_files_tmp_contents_generate(modsec_rec *msr, msre_var *var,
                 FILE *file;
                 size_t nread;
                 char *full_content = NULL;
+                char *full_content_tmp_ptr = NULL;
                 size_t total_lenght = 0;
                 msre_var *rvar = NULL;
 
@@ -1182,19 +1183,23 @@ static int var_files_tmp_contents_generate(modsec_rec *msr, msre_var *var,
                     continue;
                 }
 
+                full_content = (char *)apr_pcalloc(mptmp, (sizeof(char)*parts[i]->length) + 1);
+                if (full_content == NULL) {
+                    if (msr->txcfg->debuglog_level >= 3) {
+                        msr_log(msr, 3, "Variable FILES_TMP_CONTENT will not be created, not " \
+                            "enough memory available.");
+                    }
+                    goto files_tmp_content_not_enough_mem;
+                }
+                full_content_tmp_ptr = full_content;
+
                 while ((nread = fread(buf, 1, 1023, file)) > 0)
                 {   
-                    total_lenght += nread;
-                    buf[nread] = '\0';
-                    if (full_content == NULL)
-                    {
-                        full_content = apr_psprintf(mptmp, "%s", buf);
-                    }
-                    else
-                    {
-                        full_content = apr_psprintf(mptmp, "%s%s", full_content, buf);
-                    }
+                    full_content_tmp_ptr = memcpy(full_content_tmp_ptr, buf, nread);
+                    full_content_tmp_ptr += nread;
+                    total_lenght         += nread;
                 }
+                full_content_tmp_ptr[total_lenght] = '\0';
                 fclose(file);
 
                 rvar = apr_pmemdup(mptmp, var, sizeof(msre_var));
@@ -1209,6 +1214,7 @@ static int var_files_tmp_contents_generate(modsec_rec *msr, msre_var *var,
         }
     }
 
+files_tmp_content_not_enough_mem:
     return count;
 }

Places

File fix-CVE-2023-24021.patch of Package apache2-mod_security2

Places