Fix CVE-2012-5572 (cookie name CR-LF injection)
parent
5221677444
commit
6eb544176a
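--- /dev/null
+++ b/Dancer-1.3113-CVE-2012-5572-1.patch
@@ -0,0 +1,59 @@
+From d21a0983fa95ffea2b50ad5af84cc93f4ce5f4d2 Mon Sep 17 00:00:00 2001
+From: Colin Keith <colinmkeith@gmail.com>
+Date: Sat, 25 May 2013 00:46:53 -0400
+Subject: [PATCH 1/2] test and resolution for CVE-2012-5572, \r\n sequence
+being allowed in a cookie name fixes PerlDancer/Dancer#859
+
+---
+t/12_response/11_CVE-2012-5572.t | 39 +++++++++++++++++++++++++++++++++++++++
+1 file changed, 39 insertions(+)
+create mode 100644 t/12_response/11_CVE-2012-5572.t
+
+diff --git a/t/12_response/11_CVE-2012-5572.t b/t/12_response/11_CVE-2012-5572.t
+new file mode 100644
+index 0000000..2b6eacb
+--- /dev/null
++++ b/t/12_response/11_CVE-2012-5572.t
+@@ -0,0 +1,39 @@
++package main;
++use strict;
++use warnings;
++use Test::More tests => 2, import => ['!pass'];
++
++{
++ use Dancer;
++ get '/CVE-2012-5572-cookie' => sub {
++ cookie "test\r\nX-Evil-Header: " => "evil";
++ };
++}
++
++
++use Dancer::Test;
++{
++ note "Testing CVE-2012-5572 (CRLF in response headers)";
++ my $req = [GET => '/CVE-2012-5572-cookie'];
++ route_exists $req;
++ my $response = Dancer::Test::_req_to_response($req);
++
++ my $CRLF = "\r\n";
++
++ my $tb = Test::Builder->new;
++ my %headers = @{$response->headers_to_array};
++ my $foundCRLF = 0;
++ while (my($name, $value) = each %headers) {
++ index($value, $CRLF) == -1
++ && index($name, $CRLF) == -1
++ && next;
++ $foundCRLF = 1;
++ last;
++ }
++
++ $tb->ok(!$foundCRLF, 'Headers do not contain CRLF (CVE-2012-5572)');
++}
++
++
++1;
++
+--
+1.8.1.4
+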
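Review bot: The assertion in the `while` loop only looks for the two-byte sequence held in `$CRLF`, so a header that contains a lone `\n` or `\r` would still pass, although a bare line feed is accepted as a line terminator by some servers and intermediaries. Matching either character is stricter, e.g. `$name =~ /[\r\n]/ || $value =~ /[\r\n]/`. Flattening `headers_to_array` into `%headers` also keeps only one value per header name, so if a route set more than one cookie only one Set-Cookie header would be inspected; walking the array in pairs avoids that. The test also calls the private `Dancer::Test::_req_to_response`, which ties it to an internal helper.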
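--- /dev/null
+++ b/Dancer-1.3113-CVE-2012-5572-2.patch
@@ -0,0 +1,29 @@
+From 46ef9124f3149f697455061499ac7cee40930349 Mon Sep 17 00:00:00 2001
+From: Colin Keith <colinmkeith@gmail.com>
+Date: Sat, 25 May 2013 22:56:31 -0400
+Subject: [PATCH 2/2] resolution for CVE-2012-5572, \r\n sequence being allowed
+in a cookie name fixes PerlDancer/Dancer#859
+
+---
+lib/Dancer/Cookie.pm | 5 ++++-
+1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/lib/Dancer/Cookie.pm b/lib/Dancer/Cookie.pm
+index efcb1a3..e736ab8 100644
+--- a/lib/Dancer/Cookie.pm
++++ b/lib/Dancer/Cookie.pm
+@@ -29,7 +29,10 @@ sub to_header {
+my $value = join('&', map {uri_escape($_)} $self->value);
+my $no_httponly = defined( $self->http_only ) && $self->http_only == 0;
+
+- my @headers = $self->name . '=' . $value;
++ my $name = $self->name;
++ $name =~ s/[=,; \t\r\n\013\014]//mg;
++
++ my @headers = $name . '=' . $value;
+push @headers, "path=" . $self->path if $self->path;
+push @headers, "expires=" . $self->expires if $self->expires;
+push @headers, "domain=" . $self->domain if $self->domain;
+--
+1.8.1.4
+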
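Review bot: Only the cookie name is sanitised in `to_header`; the `path=`, `expires=` and `domain=` pushes just below still concatenate `$self->path`, `$self->expires` and `$self->domain` unmodified, so a CR or LF in any of those would reach the Set-Cookie header the same way the name did. Whether those attributes are validated when they are set is not visible in this hunk, so either confirm that or strip them here as well, e.g. `(my $path = $self->path) =~ tr/\r\n//d;`. Stripping also silently changes the name (`"a b"` and `"ab"` become the same cookie, and a name made only of stripped characters yields `=value`), so rejecting an invalid name with an error may be the safer contract. The `/m` flag has no effect because the pattern has no anchors, and the body of `to_header` continues outside the hunk.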
@ -1,6 +1,6 @@
|
|||||||
Name: perl-Dancer
|
Name: perl-Dancer
|
||||||
Version: 1.3113
|
Version: 1.3113
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
Summary: Lightweight yet powerful web application framework
|
Summary: Lightweight yet powerful web application framework
|
||||||
License: GPL+ or Artistic
|
License: GPL+ or Artistic
|
||||||
Group: Development/Libraries
|
Group: Development/Libraries
|
||||||
@ -8,6 +8,10 @@ URL: http://search.cpan.org/dist/Dancer/
|
|||||||
Source0: http://www.cpan.org/authors/id/Y/YA/YANICK/Dancer-%{version}.tar.gz
|
Source0: http://www.cpan.org/authors/id/Y/YA/YANICK/Dancer-%{version}.tar.gz
|
||||||
# Bug #960184, GitHub #PerlDancer/Dancer/919
|
# Bug #960184, GitHub #PerlDancer/Dancer/919
|
||||||
Patch0: Dancer-1.3112-Return-non-zero-exit-code-on-bad-application-name.patch
|
Patch0: Dancer-1.3112-Return-non-zero-exit-code-on-bad-application-name.patch
|
||||||
|
# Bug #880330, test for CVE-2012-5572, GiHub #PerlDancer/Dancer/859
|
||||||
|
Patch1: Dancer-1.3113-CVE-2012-5572-1.patch
|
||||||
|
# Bug #880330, fix for CVE-2012-5572, GiHub #PerlDancer/Dancer/859
|
||||||
|
Patch2: Dancer-1.3113-CVE-2012-5572-2.patch
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
BuildRequires: perl
|
BuildRequires: perl
|
||||||
BuildRequires: perl(base)
|
BuildRequires: perl(base)
|
||||||
@ -95,6 +99,8 @@ your code.
|
|||||||
%prep
|
%prep
|
||||||
%setup -q -n Dancer-%{version}
|
%setup -q -n Dancer-%{version}
|
||||||
%patch0 -p1
|
%patch0 -p1
|
||||||
|
%patch1 -p1
|
||||||
|
%patch2 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
perl Makefile.PL INSTALLDIRS=vendor
|
perl Makefile.PL INSTALLDIRS=vendor
|
||||||
@ -116,6 +122,9 @@ make test
|
|||||||
%{_mandir}/man3/*
|
%{_mandir}/man3/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Jun 03 2013 Petr Pisar <ppisar@redhat.com> - 1.3113-2
|
||||||
|
- Fix CVE-2012-5572 (cookie name CR-LF injection) (bug #880330)
|
||||||
|
|
||||||
* Mon May 13 2013 Jitka Plesnikova <jplesnik@redhat.com> - 1.3113-1
|
* Mon May 13 2013 Jitka Plesnikova <jplesnik@redhat.com> - 1.3113-1
|
||||||
- 1.3113 bump
|
- 1.3113 bump
|
||||||
|
|
||||||
|
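Review bot: The two comments added above `Patch1:` and `Patch2:` spell the forge as `GiHub`, while the existing `Patch0` comment uses `GitHub`; correcting the spelling keeps the upstream references searchable. Patch1 adds only the regression test and Patch2 carries the fix, so the test is expected to fail if Patch2 is dropped on a later rebase; the comments could say that the two patches belong together.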