File fix-CVE-2023-24021.patch of Package apache2-mod_security2.38968
From 4324f0ac59f8225aa44bc5034df60dbeccd1d334 Mon Sep 17 00:00:00 2001
From: Martin Vierula <martin.vierula@trustwave.com>
Date: Wed, 4 Jan 2023 11:34:11 -0800
Subject: [PATCH] Fix: FILES_TMP_CONTENT may sometimes lack complete content
---
CHANGES | 2 ++
apache2/re_variables.c | 26 ++++++++++++++++----------
2 files changed, 18 insertions(+), 10 deletions(-)
diff --git a/apache2/re_variables.c b/apache2/re_variables.c
index 12a0a5620..a53140b2c 100644
--- a/apache2/re_variables.c
+++ b/apache2/re_variables.c
@@ -1173,6 +1173,7 @@ static int var_files_tmp_contents_generate(modsec_rec *msr, msre_var *var,
FILE *file;
size_t nread;
char *full_content = NULL;
+ char *full_content_tmp_ptr = NULL;
size_t total_lenght = 0;
msre_var *rvar = NULL;
@@ -1182,19 +1183,23 @@ static int var_files_tmp_contents_generate(modsec_rec *msr, msre_var *var,
continue;
}
+ full_content = (char *)apr_pcalloc(mptmp, (sizeof(char)*parts[i]->length) + 1);
+ if (full_content == NULL) {
+ if (msr->txcfg->debuglog_level >= 3) {
+ msr_log(msr, 3, "Variable FILES_TMP_CONTENT will not be created, not " \
+ "enough memory available.");
+ }
+ goto files_tmp_content_not_enough_mem;
+ }
+ full_content_tmp_ptr = full_content;
+
while ((nread = fread(buf, 1, 1023, file)) > 0)
{
- total_lenght += nread;
- buf[nread] = '\0';
- if (full_content == NULL)
- {
- full_content = apr_psprintf(mptmp, "%s", buf);
- }
- else
- {
- full_content = apr_psprintf(mptmp, "%s%s", full_content, buf);
- }
+ full_content_tmp_ptr = memcpy(full_content_tmp_ptr, buf, nread);
+ full_content_tmp_ptr += nread;
+ total_lenght += nread;
}
+ full_content_tmp_ptr[total_lenght] = '\0';
fclose(file);
rvar = apr_pmemdup(mptmp, var, sizeof(msre_var));
@@ -1209,6 +1214,7 @@ static int var_files_tmp_contents_generate(modsec_rec *msr, msre_var *var,
}
}
+files_tmp_content_not_enough_mem:
return count;
}
