diff mbox series

[meta-webserver,dunfell] httpd: CVE-2022-36760 mod_proxy_ajp: Possible request smuggling

Message ID 20230131053911.92124-1-hprajapati@mvista.com
State New
Headers show
Series [meta-webserver,dunfell] httpd: CVE-2022-36760 mod_proxy_ajp: Possible request smuggling | expand

Commit Message

Hitendra Prajapati Jan. 31, 2023, 5:39 a.m. UTC
Upstream-Status: Backport from https://github.com/apache/httpd/commit/d93e61e3e9622bacff746772cb9c97fdcaed8baf

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
 .../apache2/apache2/CVE-2022-36760.patch      | 37 +++++++++++++++++++
 .../recipes-httpd/apache2/apache2_2.4.54.bb   |  1 +
 2 files changed, 38 insertions(+)
 create mode 100644 meta-webserver/recipes-httpd/apache2/apache2/CVE-2022-36760.patch
diff mbox series

Patch

diff --git a/meta-webserver/recipes-httpd/apache2/apache2/CVE-2022-36760.patch b/meta-webserver/recipes-httpd/apache2/apache2/CVE-2022-36760.patch
new file mode 100644
index 0000000000..afa6e398cf
--- /dev/null
+++ b/meta-webserver/recipes-httpd/apache2/apache2/CVE-2022-36760.patch
@@ -0,0 +1,37 @@ 
+From d93e61e3e9622bacff746772cb9c97fdcaed8baf Mon Sep 17 00:00:00 2001
+From: Eric Covener <covener@apache.org>
+Date: Tue, 10 Jan 2023 13:20:55 +0000
+Subject: [PATCH] CVE-2022-36760
+
+SECURITY: CVE-2022-36760 (cve.mitre.org)
+
+Ensure connection closure for an invalid Transfer-Encoding header,
+to prevent HTTP request smuggling attack with an AJP proxy.
+
+cleanup on error
+
+git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1906542 13f79535-47bb-0310-9956-ffa450edef68
+
+Upstream-Status: Backport [https://github.com/apache/httpd/commit/d93e61e3e9622bacff746772cb9c97fdcaed8baf]
+CVE: CVE-2022-36760
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ modules/proxy/mod_proxy_ajp.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/modules/proxy/mod_proxy_ajp.c b/modules/proxy/mod_proxy_ajp.c
+index 226ad9b..1449aca 100644
+--- a/modules/proxy/mod_proxy_ajp.c
++++ b/modules/proxy/mod_proxy_ajp.c
+@@ -257,6 +257,8 @@ static int ap_proxy_ajp_request(apr_pool_t *p, request_rec *r,
+             ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10396)
+                           "%s Transfer-Encoding is not supported",
+                           tenc);
++            /* We had a failure: Close connection to backend */
++            conn->close = 1;
+             return HTTP_INTERNAL_SERVER_ERROR;
+         }
+     } else {
+-- 
+2.25.1
+
diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.54.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.54.bb
index 2fdf926292..2bda18d2d2 100644
--- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.54.bb
+++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.54.bb
@@ -15,6 +15,7 @@  SRC_URI = "${APACHE_MIRROR}/httpd/httpd-${PV}.tar.bz2 \
            file://0007-apache2-allow-to-disable-selinux-support.patch \
            file://0008-Fix-perl-install-directory-to-usr-bin.patch \
            file://0009-support-apxs.in-force-destdir-to-be-empty-string.patch \
+           file://CVE-2022-36760.patch \
           "
 
 SRC_URI:append:class-target = " \