httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From wr...@rowe-clan.net
Subject RE: Re: CVE-2013-5704 fix breaks mod_wsgi
Date Mon, 12 Jan 2015 17:12:16 GMT
--------- Original Message --------- Subject: Re: CVE-2013-5704 fix breaks mod_wsgi
From: "Joe Orton" <jorton@redhat.com>
Date: 1/12/15 5:27 am
To: "Graham Dumpleton" <grahamd@apache.org>
Cc: "dev@httpd.apache.org" <dev@httpd.apache.org>

On Sat, Jan 10, 2015 at 09:04:12AM +1100, Graham Dumpleton wrote:
 > 1. Verify that recompiling mod_wsgi is actually sufficient given than my
 > direct use of request_rec isn't going to populate the extra fields and they
 > will remain NULL still. As trailers shouldn't be expected in context the
 > request_rec is being used directly by mod_wsgi those attributes shouldn't
 > be touched, but if that is the case, why would it be crashing without
 > recompilation happening. So need to also actually verify whether it can't
 > limp on as is for now if it isn't crashing.

 Yup, I should have mentioned that too. You are right, we had to pach 
 mod_wsgi to fix the issue properly as well:

 http://pkgs.fedoraproject.org/cgit/mod_wsgi.git/plain/mod_wsgi-4.4.3-trailers.patch?h=f21

 that can/should be surrounded with

 #if AP_MODULE_MAGIC_AT_LEAST(20120211, 37)
 ...
 #endif

 ...to make it conditional on an httpd with those fields. (Hadn't 
 submitted that back upstream yet sorry - we wanted to find a "proper" 
 solution httpd-side for this.)
 
 Exactly.  These fixes are already in for httpd's mod_ftp svn.  I had also missed this while
building that module and hadn't put it through its paces, as we were preparing 2.2.
 
The proper solution is to never let the module create a structure such as request_req.  This
would normally be accomplished by semi-opaque/incomplete data types, which weren't portably
possible in '00 but might be realistic today.
 
Whether we expose a complete or incomplete datatype - that solution is to expose the object's
allocator/initializer.  OO programming topic 101.

Mime
View raw message