File apache2-CVE-2017-15715.patch of Package apache2.18661
--- a/include/ap_regex.h 2018/02/16 13:26:45 1824471
+++ b/include/ap_regex.h 2018/02/16 13:27:44 1824472
@@ -77,6 +77,8 @@
#define AP_REG_NOMEM 0x20 /* nomem in our code */
#define AP_REG_DOTALL 0x40 /* perl's /s flag */
+#define AP_REG_DOLLAR_ENDONLY 0x200 /* '$' matches at end of subject string only */
+
#define AP_REG_MATCH "MATCH_" /** suggested prefix for ap_regname */
/* Error values: */
@@ -103,6 +105,26 @@
/* The functions */
/**
+ * Get default compile flags
+ * @return Bitwise OR of AP_REG_* flags
+ */
+AP_DECLARE(int) ap_regcomp_get_default_cflags(void);
+
+/**
+ * Set default compile flags
+ * @param cflags Bitwise OR of AP_REG_* flags
+ */
+AP_DECLARE(void) ap_regcomp_set_default_cflags(int cflags);
+
+/**
+ * Get the AP_REG_* corresponding to the string.
+ * @param name The name (i.e. AP_REG_<name>)
+ * @return The AP_REG_*, or zero if the string is unknown
+ *
+ */
+AP_DECLARE(int) ap_regcomp_default_cflag_by_name(const char *name);
+
+/**
* Compile a regular expression.
* @param preg Returned compiled regex
* @param regex The regular expression string
--- a/server/core.c 2018/02/16 13:26:45 1824471
+++ b/server/core.c 2018/02/16 13:27:44 1824472
@@ -48,6 +48,7 @@
#include "mod_core.h"
#include "mod_proxy.h"
#include "ap_listen.h"
+#include "ap_regex.h"
#include "mod_so.h" /* for ap_find_loaded_module_symbol */
@@ -2847,6 +2848,58 @@
return errmsg;
}
+static const char *set_regex_default_options(cmd_parms *cmd,
+ void *dummy,
+ const char *arg)
+{
+ const command_rec *thiscmd = cmd->cmd;
+ int cflags, cflag;
+
+ const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
+ if (err != NULL) {
+ return err;
+ }
+
+ cflags = ap_regcomp_get_default_cflags();
+ while (*arg) {
+ const char *name = ap_getword_conf(cmd->pool, &arg);
+ int how = 0;
+
+ if (strcasecmp(name, "none") == 0) {
+ cflags = 0;
+ continue;
+ }
+
+ if (*name == '+') {
+ name++;
+ how = +1;
+ }
+ else if (*name == '-') {
+ name++;
+ how = -1;
+ }
+
+ cflag = ap_regcomp_default_cflag_by_name(name);
+ if (!cflag) {
+ return apr_psprintf(cmd->pool, "%s: option '%s' unknown",
+ thiscmd->name, name);
+ }
+
+ if (how > 0) {
+ cflags |= cflag;
+ }
+ else if (how < 0) {
+ cflags &= ~cflag;
+ }
+ else {
+ cflags = cflag;
+ }
+ }
+ ap_regcomp_set_default_cflags(cflags);
+
+ return NULL;
+}
+
static const char *set_server_alias(cmd_parms *cmd, void *dummy,
const char *arg)
{
@@ -4421,6 +4474,9 @@
OR_ALL, "soft/hard limits for max number of processes per uid"),
#endif
+AP_INIT_RAW_ARGS("RegexDefaultOptions", set_regex_default_options, NULL, RSRC_CONF,
+ "default options for regexes (prefixed by '+' to add, '-' to del)"),
+
/* internal recursion stopper */
AP_INIT_TAKE12("LimitInternalRecursion", set_recursion_limit, NULL, RSRC_CONF,
"maximum recursion depth of internal redirects and subrequests"),
@@ -4856,6 +4912,8 @@
apr_pool_cleanup_register(pconf, NULL, reset_config_defines,
apr_pool_cleanup_null);
+ ap_regcomp_set_default_cflags(AP_REG_DOLLAR_ENDONLY);
+
mpm_common_pre_config(pconf);
return OK;
--- a/server/util_pcre.c 2018/02/16 13:26:45 1824471
+++ b/server/util_pcre.c 2018/02/16 13:27:44 1824472
@@ -111,6 +111,38 @@
* Compile a regular expression *
*************************************************/
+static int default_cflags = AP_REG_DOLLAR_ENDONLY;
+
+AP_DECLARE(int) ap_regcomp_get_default_cflags(void)
+{
+ return default_cflags;
+}
+
+AP_DECLARE(void) ap_regcomp_set_default_cflags(int cflags)
+{
+ default_cflags = cflags;
+}
+
+AP_DECLARE(int) ap_regcomp_default_cflag_by_name(const char *name)
+{
+ int cflag = 0;
+
+ if (ap_cstr_casecmp(name, "ICASE") == 0) {
+ cflag = AP_REG_ICASE;
+ }
+ else if (ap_cstr_casecmp(name, "DOTALL") == 0) {
+ cflag = AP_REG_DOTALL;
+ }
+ else if (ap_cstr_casecmp(name, "DOLLAR_ENDONLY") == 0) {
+ cflag = AP_REG_DOLLAR_ENDONLY;
+ }
+ else if (ap_cstr_casecmp(name, "EXTENDED") == 0) {
+ cflag = AP_REG_EXTENDED;
+ }
+
+ return cflag;
+}
+
/*
* Arguments:
* preg points to a structure for recording the compiled expression
@@ -127,12 +159,15 @@
int errcode = 0;
int options = PCRE_DUPNAMES;
+ cflags |= default_cflags;
if ((cflags & AP_REG_ICASE) != 0)
options |= PCRE_CASELESS;
if ((cflags & AP_REG_NEWLINE) != 0)
options |= PCRE_MULTILINE;
if ((cflags & AP_REG_DOTALL) != 0)
options |= PCRE_DOTALL;
+ if ((cflags & AP_REG_DOLLAR_ENDONLY) != 0)
+ options |= PCRE_DOLLAR_ENDONLY;
preg->re_pcre =
pcre_compile2(pattern, options, &errcode, &errorptr, &erroffset, NULL);