Gentoo's Bugzilla – Attachment 178579 Details for
Bug 255031
www-apache/mod_auth_mysql SQL injection vulnerability (CVE-2008-2384)
[patch]
mod_auth_mysql-CVE-2008-2384.patch
mod_auth_mysql-CVE-2008-2384.patch (text/plain), 3.18 KB, created by
Robert Buchholz (RETIRED)
on 2009-01-15 12:27:32 UTC
Description:
mod_auth_mysql-CVE-2008-2384.patch
Filename:
MIME Type:
Creator:
Robert Buchholz (RETIRED)
Created:
2009-01-15 12:27:32 UTC
Size:
3.18 KB
patch
obsolete
>diff -urNad mod-auth-mysql~/mod_auth_mysql.c mod-auth-mysql/mod_auth_mysql.c
>--- mod-auth-mysql~/mod_auth_mysql.c 2009-01-07 21:47:20.000000000 +0100
>+++ mod-auth-mysql/mod_auth_mysql.c 2009-01-08 21:12:47.000000000 +0100
>@@ -340,6 +340,8 @@ typedef struct {
>
> module auth_mysql_module;
>
>+static int open_auth_dblink(request_rec *r, mysql_auth_config_rec *sec);
>+
> #ifdef APACHE2
> static apr_status_t
> #else
>@@ -506,9 +508,9 @@ static const char *set_scrambled_passwor
> * server when passed in as part of a query.
> */
> #ifdef APACHE2
>-static char *mysql_escape(char *str, apr_pool_t *p)
>+static char *mysql_escape(mysql_auth_config_rec *sec, request_rec *r, char *str, apr_pool_t *p)
> #else
>-static char *mysql_escape(char *str, pool *p)
>+static char *mysql_escape(mysql_auth_config_rec *sec, request_rec *r, char *str, pool *p)
> #endif
> {
> char *dest;
>@@ -522,7 +524,7 @@ static char *mysql_escape(char *str, poo
> return str;
> }
>
>- mysql_escape_string(dest, str, strlen(str));
>+ mysql_real_escape_string(sec->dbh, dest, str, strlen(str));
>
> return dest;
> }
>@@ -1374,25 +1376,18 @@ static int open_auth_dblink(request_rec
> }
>
> if (sec->db_charset) {
>+ const char *check;
>+
> APACHELOG(APLOG_DEBUG, r,
> "Setting character set to %s", sec->db_charset);
>
>- query = (char *) PSTRCAT(r->pool, "SET CHARACTER SET ", sec->db_charset, NULL);
>- if (!query) {
>- APACHELOG(APLOG_ERR, r,
>- "Failed to create query string - we're no good...");
>- return -1;
>- }
>+ mysql_set_character_set(sec->dbh, sec->db_charset);
>
>- if (mysql_query(sec->dbh, query)) {
>- if (sec->dbh)
>- {
>- APACHELOG(APLOG_ERR, r,
>- "Query call failed: %s (%i)", mysql_error(sec->dbh),
>- mysql_errno(sec->dbh));
>- }
>+ check = mysql_character_set_name(sec->dbh);
>
>- APACHELOG(APLOG_DEBUG, r, "Failed query was: [%s]", query);
>+ if (!check || strcmp(sec->db_charset, check)) {
>+ APACHELOG(APLOG_ERR, r,
>+ "Failed to set character set to %s", sec->db_charset);
> return -1;
> }
> }
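Review bot: In the `@@ -522,7 +524,7 @@` hunk of mysql_escape, the context line `return str;` just above the new call appears to hand the caller the unescaped input when an earlier step fails, so the function fails open on the very path this patch hardens. The condition is outside the hunk; presumably it is the buffer allocation. Returning `NULL` there, with callers rejecting the request, would keep unescaped data out of the query. The new `r` parameter is not used in the lines shown and could carry an `APACHELOG(APLOG_ERR, r, ...)` on that path.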
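Review bot: In the open_auth_dblink hunk, the return value of `mysql_set_character_set(sec->dbh, sec->db_charset)` is discarded and success is inferred from a case-sensitive `strcmp` against `mysql_character_set_name()`. If the configured name differs from the one the client library reports only in case or as an alias, the call succeeds but this check returns -1 and authentication fails. Testing the call directly, `if (mysql_set_character_set(sec->dbh, sec->db_charset) != 0)`, is the more direct signal, and the error log could keep `mysql_error(sec->dbh)` as the removed code did. Failing closed on a charset error is the right outcome, because mysql_real_escape_string relies on the client knowing the connection character set.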
>@@ -1537,11 +1532,27 @@ static int mysql_check_user_password(req
> char *auth_table = "mysql_auth", *auth_user_field = "username",
> *auth_password_field = "passwd", *auth_password_clause = "";
> char *query;
>- char *esc_user = mysql_escape(user, r->pool);
>+ char *esc_user = NULL;
> MYSQL_RES *result;
> MYSQL_ROW sql_row;
>+ int error = CR_UNKNOWN_ERROR;
> int rv;
>
>+ if (!sec->dbh) {
>+ APACHELOG(APLOG_DEBUG, r,
>+ "No DB connection open - firing one up");
>+ if ((error = open_auth_dblink(r, sec))) {
>+ APACHELOG(APLOG_DEBUG, r,
>+ "open_auth_dblink returned %i", error);
>+ return error;
>+ }
>+
>+ APACHELOG(APLOG_DEBUG, r,
>+ "Correctly opened a new DB connection");
>+ }
>+
>+ esc_user = mysql_escape(sec, r, user, r->pool);
>+
> if (sec->user_table) {
> auth_table = sec->user_table;
> }
>@@ -1627,8 +1638,8 @@ static int mysql_check_group(request_rec
> {
> char *auth_table = "mysql_auth", *auth_group_field="groups", *auth_group_clause="";
> char *query;
>- char *esc_user = mysql_escape(user, r->pool);
>- char *esc_group = mysql_escape(group, r->pool);
>+ char *esc_user = mysql_escape(sec, r, user, r->pool);
>+ char *esc_group = mysql_escape(sec, r, group, r->pool);
> MYSQL_RES *result;
> MYSQL_ROW row;
> char *auth_user_field = "username";
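Review bot: In the mysql_check_user_password hunk, nothing records why `esc_user` is now assigned only after the connection block. A comment above the assignment, such as `/* escape only after connecting: mysql_real_escape_string() needs sec->dbh for the connection charset */`, would stop a later cleanup from moving the call back into the declaration. The function body continues outside the hunk, so whether `return error;` yields a value the callers expect cannot be confirmed from here.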
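Review bot: In the mysql_check_group hunk, `esc_user` and `esc_group` are still initialised in their declarations, so `mysql_real_escape_string(sec->dbh, ...)` runs before any connection check this function might make. If `sec->dbh` is NULL at that point, a null handle reaches the client library. mysql_check_user_password was reordered in the previous hunk, but this function was not. Declaring `char *esc_user = NULL, *esc_group = NULL;` and assigning both after an `if (!sec->dbh)` open step would match it; alternatively mysql_escape() could ensure the handle is open using the `r` it now receives. The body continues past the hunk, so a later `sec->dbh` check may exist, but it would come after these initialisers.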
Attachments on
bug 255031
: 178579