|
 |
af9996c |
From 3f1693d558d0758f829c8b53993f1749ddf6ffcb Mon Sep 17 00:00:00 2001
|
|
|
af9996c |
From: Jim Jagielski <jim@apache.org>
|
|
|
af9996c |
Date: Tue, 2 Dec 2014 12:50:59 +0000
|
|
|
af9996c |
Subject: [PATCH] Merge r1642499 from trunk:
|
|
|
af9996c |
|
|
|
af9996c |
*) SECURITY: CVE-2014-8109 (cve.mitre.org)
|
|
|
af9996c |
mod_lua: Fix handling of the Require line when a LuaAuthzProvider is
|
|
|
af9996c |
used in multiple Require directives with different arguments.
|
|
|
af9996c |
PR57204 [Edward Lu <Chaosed0 gmail.com>]
|
|
|
af9996c |
|
|
|
af9996c |
Submitted By: Edward Lu
|
|
|
af9996c |
Committed By: covener
|
|
|
af9996c |
|
|
|
af9996c |
|
|
|
af9996c |
Submitted by: covener
|
|
|
af9996c |
Reviewed/backported by: jim
|
|
|
af9996c |
|
|
|
af9996c |
|
|
|
af9996c |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1642861 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
af9996c |
---
|
|
|
af9996c |
CHANGES | 5 +++++
|
|
|
af9996c |
STATUS | 7 -------
|
|
|
af9996c |
modules/lua/mod_lua.c | 27 +++++++++++++++++----------
|
|
|
af9996c |
3 files changed, 22 insertions(+), 17 deletions(-)
|
|
|
af9996c |
|
|
|
af9996c |
diff --git a/modules/lua/mod_lua.c b/modules/lua/mod_lua.c
|
|
|
af9996c |
index b2dca75..e6d2cfc 100644
|
|
|
af9996c |
--- a/modules/lua/mod_lua.c
|
|
|
af9996c |
+++ b/modules/lua/mod_lua.c
|
|
|
af9996c |
@@ -66,9 +66,13 @@ typedef struct {
|
|
|
af9996c |
const char *file_name;
|
|
|
af9996c |
const char *function_name;
|
|
|
af9996c |
ap_lua_vm_spec *spec;
|
|
|
af9996c |
- apr_array_header_t *args;
|
|
|
af9996c |
} lua_authz_provider_spec;
|
|
|
af9996c |
|
|
|
af9996c |
+typedef struct {
|
|
|
af9996c |
+ lua_authz_provider_spec *spec;
|
|
|
af9996c |
+ apr_array_header_t *args;
|
|
|
af9996c |
+} lua_authz_provider_func;
|
|
|
af9996c |
+
|
|
|
af9996c |
apr_hash_t *lua_authz_providers;
|
|
|
af9996c |
|
|
|
af9996c |
typedef struct
|
|
|
af9996c |
@@ -1692,6 +1696,7 @@ static const char *lua_authz_parse(cmd_parms *cmd, const char *require_line,
|
|
|
af9996c |
{
|
|
|
af9996c |
const char *provider_name;
|
|
|
af9996c |
lua_authz_provider_spec *spec;
|
|
|
af9996c |
+ lua_authz_provider_func *func = apr_pcalloc(cmd->pool, sizeof(lua_authz_provider_func));
|
|
|
af9996c |
|
|
|
af9996c |
apr_pool_userdata_get((void**)&provider_name, AUTHZ_PROVIDER_NAME_NOTE,
|
|
|
af9996c |
cmd->temp_pool);
|
|
|
af9996c |
@@ -1699,16 +1704,17 @@ static const char *lua_authz_parse(cmd_parms *cmd, const char *require_line,
|
|
|
af9996c |
|
|
|
af9996c |
spec = apr_hash_get(lua_authz_providers, provider_name, APR_HASH_KEY_STRING);
|
|
|
af9996c |
ap_assert(spec != NULL);
|
|
|
af9996c |
+ func->spec = spec;
|
|
|
af9996c |
|
|
|
af9996c |
if (require_line && *require_line) {
|
|
|
af9996c |
const char *arg;
|
|
|
af9996c |
- spec->args = apr_array_make(cmd->pool, 2, sizeof(const char *));
|
|
|
af9996c |
+ func->args = apr_array_make(cmd->pool, 2, sizeof(const char *));
|
|
|
af9996c |
while ((arg = ap_getword_conf(cmd->pool, &require_line)) && *arg) {
|
|
|
af9996c |
- APR_ARRAY_PUSH(spec->args, const char *) = arg;
|
|
|
af9996c |
+ APR_ARRAY_PUSH(func->args, const char *) = arg;
|
|
|
af9996c |
}
|
|
|
af9996c |
}
|
|
|
af9996c |
|
|
|
af9996c |
- *parsed_require_line = spec;
|
|
|
af9996c |
+ *parsed_require_line = func;
|
|
|
af9996c |
return NULL;
|
|
|
af9996c |
}
|
|
|
af9996c |
|
|
|
af9996c |
@@ -1722,7 +1728,8 @@ static authz_status lua_authz_check(request_rec *r, const char *require_line,
|
|
|
af9996c |
&lua_module);
|
|
|
af9996c |
const ap_lua_dir_cfg *cfg = ap_get_module_config(r->per_dir_config,
|
|
|
af9996c |
&lua_module);
|
|
|
af9996c |
- const lua_authz_provider_spec *prov_spec = parsed_require_line;
|
|
|
af9996c |
+ const lua_authz_provider_func *prov_func = parsed_require_line;
|
|
|
af9996c |
+ const lua_authz_provider_spec *prov_spec = prov_func->spec;
|
|
|
af9996c |
int result;
|
|
|
af9996c |
int nargs = 0;
|
|
|
af9996c |
|
|
|
af9996c |
@@ -1744,19 +1751,19 @@ static authz_status lua_authz_check(request_rec *r, const char *require_line,
|
|
|
af9996c |
return AUTHZ_GENERAL_ERROR;
|
|
|
af9996c |
}
|
|
|
af9996c |
ap_lua_run_lua_request(L, r);
|
|
|
af9996c |
- if (prov_spec->args) {
|
|
|
af9996c |
+ if (prov_func->args) {
|
|
|
af9996c |
int i;
|
|
|
af9996c |
- if (!lua_checkstack(L, prov_spec->args->nelts)) {
|
|
|
af9996c |
+ if (!lua_checkstack(L, prov_func->args->nelts)) {
|
|
|
af9996c |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02315)
|
|
|
af9996c |
"Error: authz provider %s: too many arguments", prov_spec->name);
|
|
|
af9996c |
ap_lua_release_state(L, spec, r);
|
|
|
af9996c |
return AUTHZ_GENERAL_ERROR;
|
|
|
af9996c |
}
|
|
|
af9996c |
- for (i = 0; i < prov_spec->args->nelts; i++) {
|
|
|
af9996c |
- const char *arg = APR_ARRAY_IDX(prov_spec->args, i, const char *);
|
|
|
af9996c |
+ for (i = 0; i < prov_func->args->nelts; i++) {
|
|
|
af9996c |
+ const char *arg = APR_ARRAY_IDX(prov_func->args, i, const char *);
|
|
|
af9996c |
lua_pushstring(L, arg);
|
|
|
af9996c |
}
|
|
|
af9996c |
- nargs = prov_spec->args->nelts;
|
|
|
af9996c |
+ nargs = prov_func->args->nelts;
|
|
|
af9996c |
}
|
|
|
af9996c |
if (lua_pcall(L, 1 + nargs, 1, 0)) {
|
|
|
af9996c |
const char *err = lua_tostring(L, -1);
|