CVE-2009-1195:
* include/http_core.h: Add back the OPT_INCNOEXEC and hide
OPT_INC_WITH_EXEC as internal-only.
* server/core.c (ap_allow_options): Invert the returned
OPT_INC_WITH_EXEC bit such that the exposed semantics of
OPT_INCNOEXEC are retained.
* modules/filters/mod_include.c (includes_filter): Revert to using
OPT_INCNOEXEC.
Submitted by: trawick, jorton
Reviewed by: jorton, trawick, rpluem
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@779472 13f79535-47bb-0310-9956-ffa450edef68
Prevent the "Includes" Option from being enabled in an .htaccess
file if the AllowOverride restrictions do not permit it.
[Jonathan Peatfield <j.s.peatfield damtp.cam.ac.uk>, Joe Orton,
- Ruediger Pluem]
+ Ruediger Pluem, Jeff Trawick]
*) SECURITY: CVE-2009-1191 (cve.mitre.org)
mod_proxy_ajp: Avoid delivering content from a previous request which
* We should wait for a release of APR 1.3.4 at least for
http://svn.apache.org/viewvc?view=rev&revision=727605
-* Resolve API breakage with OPT_INC* changes. See thread
- "CVE-2009-1195 tweaks to preserve binary compatibility for stable branches"
-
- * Fix backwards compat of options handling in CVE-2009-1105 fix:
- trunk: N/A (2.2.x compat issue only)
- 2.2.x patch:
- http://people.apache.org/~jorton/ssi-opt-compat-v1.diff
- +1: jorton, trawick, rpluem
-
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
#define OPT_EXECCGI 8
/** directive unset */
#define OPT_UNSET 16
-/** SSI exec= permission is permitted, iff OPT_INCLUDES is also set */
-#define OPT_INC_WITH_EXEC 32
+/** IncludesNOEXEC directive */
+#define OPT_INCNOEXEC 32
/** SymLinksIfOwnerMatch directive */
#define OPT_SYM_OWNER 64
/** MultiViews directive */
#define OPT_MULTI 128
/** All directives */
-#define OPT_ALL (OPT_INDEXES|OPT_INCLUDES|OPT_INC_WITH_EXEC|OPT_SYM_LINKS|OPT_EXECCGI)
+#define OPT_ALL (OPT_INDEXES|OPT_INCLUDES|OPT_INCNOEXEC|OPT_SYM_LINKS|OPT_EXECCGI)
/** @} */
+#ifdef CORE_PRIVATE
+/* For internal use only - since 2.2.12, the OPT_INCNOEXEC bit is
+ * internally replaced by OPT_INC_WITH_EXEC. The internal semantics
+ * of the two SSI-related bits are hence:
+ *
+ * OPT_INCLUDES => "enable SSI, without exec= permission"
+ * OPT_INC_WITH_EXEC => "iff OPT_INCLUDES is set, also enable exec="
+ *
+ * The set of options exposed via ap_allow_options() retains the
+ * semantics of OPT_INCNOEXEC by flipping the bit. */
+#define OPT_INC_WITH_EXEC OPT_INCNOEXEC
+#endif
+
/**
* @defgroup get_remote_host Remote Host Resolution
* @ingroup APACHE_CORE_HTTPD
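Review bot: OPT_ALL in this hunk ORs in OPT_INCNOEXEC, but bit 32 now has two opposite readings, so the macro's meaning depends on what it is compared against. Against conf->opts, where the bit is OPT_INC_WITH_EXEC, OPT_ALL describes SSI with exec= enabled; against the value returned by ap_allow_options(), the same bit means exec= is not permitted. A module testing (ap_allow_options(r) & OPT_ALL) == OPT_ALL would therefore fail to match a configuration that has every option including exec= enabled, and would match one that has exec= disabled. The "All directives" comment should state that OPT_ALL follows the internal semantics described in the CORE_PRIVATE block and is not meaningful when tested against the ap_allow_options() result.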
intern->seen_eos = 0;
intern->state = PARSE_PRE_HEAD;
ctx->flags = (SSI_FLAG_PRINTING | SSI_FLAG_COND_TRUE);
- if ((ap_allow_options(r) & OPT_INC_WITH_EXEC) == 0) {
+ if (ap_allow_options(r) & OPT_INCNOEXEC) {
ctx->flags |= SSI_FLAG_NO_EXEC;
}
intern->accessenable = conf->accessenable;
core_dir_config *conf =
(core_dir_config *)ap_get_module_config(r->per_dir_config, &core_module);
- return conf->opts;
+ /* Per comment in http_core.h - the OPT_INC_WITH_EXEC bit is
+ * inverted, such that the exposed semantics match that of
+ * OPT_INCNOEXEC; i.e., the bit is only enabled if exec= is *not*
+ * permitted. */
+ return conf->opts ^ OPT_INC_WITH_EXEC;
}
AP_DECLARE(int) ap_allow_overrides(request_rec *r)
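Review bot: the XOR on the return line of ap_allow_options() flips bit 32 unconditionally, so the returned mask carries OPT_INCNOEXEC even when conf->opts has no OPT_INCLUDES bit at all. The http_core.h comment gives the internal bit a meaning only "iff OPT_INCLUDES is set", so a caller that tests OPT_INCNOEXEC on its own, or compares the return value for equality with a constant such as OPT_UNSET, now sees a bit that the previous "return conf->opts;" did not produce. Either report the bit only when OPT_INCLUDES is set in conf->opts, or extend the comment to say that OPT_INCNOEXEC in the result must be read together with OPT_INCLUDES and that the return value is no longer suitable for equality comparisons.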