httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Trawick <traw...@gmail.com>
Subject Re: mod_perl test failure with CVE-2009-1195 fix in 2.2.12
Date Mon, 01 Jun 2009 17:22:45 GMT
On Mon, Jun 1, 2009 at 7:30 AM, Stefan Fritsch <sf@sfritsch.de> wrote:

> Hi,
>
> when backporting the CVE-2009-1195 fix in r773881+r779472 from
> branches/2.2.x to 2.2.9, I noticed that it causes a test failure when
> compiling mod_perl 2.0.4. Since I am neither familiar with mod_perl nor with
> the mod_include internals, maybe someone else can check if this is a
> necessary breakage or if the fix can be adjusted to be more backward
> compatible.
>
> The test output:
> ================
> t/api/add_config........................# connecting to
> http://localhost:8560/TestAPI__add_config/
> 1..9
> # Running under perl version 5.010000 for linux
> # Current time local: Mon Jun  1 15:56:35 2009
> # Current time GMT:   Mon Jun  1 13:56:35 2009
> # Using Test.pm version 1.25
> # Using Apache/Test.pm version 1.31
>
> ...
>
> # expected: 8
> # received: 40
> not ok 7
>
> ...
>
> FAILED test 7
>        Failed 1/9 tests, 88.89% okay
> =============
>
> The interesting test file in mod_perls source is ./t/response/TestAPI/
> add_config.pm.
>
> It looks like the test sets "Options ExecCGI" and expects $r->allow_options
> to be 8 (Apache2::Const::OPT_EXECCGI), but the actual value is 40
> (Apache2::Const::OPT_EXECCGI|Apache2::Const::OPT_INCNOEXEC).
>

Gosh we su^H^H^H^H...  Thanks so much!  The simple flipping of that bit in
ap_allow_options() is incorrect; it needs to do so only if OPT_INCLUDES is
turned on.

This patch works for me; please try it with the Perl suite.

Index: server/core.c
===================================================================
--- server/core.c (revision 780727)
+++ server/core.c (working copy)
@@ -665,7 +665,12 @@
      * inverted, such that the exposed semantics match that of
      * OPT_INCNOEXEC; i.e., the bit is only enabled if exec= is *not*
      * permitted. */
-    return conf->opts ^ OPT_INC_WITH_EXEC;
+    if (conf->opts & OPT_INCLUDES) {
+        return conf->opts ^ OPT_INC_WITH_EXEC;
+    }
+    else {
+        return conf->opts;
+    }
 }

Mime
View raw message