mod_perl 2.x does not properly escape PATH_INFO before use in a

regular expression

PR:		113988
Submitted by:	Henrik Brix Andersen <henrik@brixandersen.dk>
Approved by:	maintainer override (3 days, security)
Security:	CVE-2007-1349,
		VuXML ef2ffb03-f2b0-11db-ad25-0010b5a0a860

2 files changed, 16 insertions, 1 deletions

diff --git a/www/mod_perl2/Makefile b/www/mod_perl2/Makefile
index 0ac2acb39c74..3899bb3fe456 100644
--- a/www/mod_perl2/Makefile
+++ b/www/mod_perl2/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=	mod_perl
 PORTVERSION=	2.0.3
-PORTREVISION=	1
+PORTREVISION=	2
 PORTEPOCH=	3
 CATEGORIES=	www perl5
 MASTER_SITES=	http://perl.apache.org/dist/ \
@@ -72,6 +72,9 @@ PLIST_SUB=	THREADMUTEX="@comment "
 IGNORE=		requires perl 5.8.x or later. Install lang/perl5.8 then try again
 .endif
 
+pre-configure:
+	${RM} ${WRKSRC}/ModPerl-Registry/lib/ModPerl/RegistryCooker.pm.orig
+
 post-install:
 	${MKDIR} ${PREFIX}/${APACHEINCLUDEDIR}/modules/perl
 	${INSTALL_DATA} ${WRKSRC}/src/modules/perl/*.h \
diff --git a/www/mod_perl2/files/patch-RegistryCooker.pm b/www/mod_perl2/files/patch-RegistryCooker.pm
new file mode 100644
index 000000000000..cf86c8a04306
--- /dev/null
+++ b/www/mod_perl2/files/patch-RegistryCooker.pm
@@ -0,0 +1,12 @@
+diff -Naurp ModPerl-Registry/lib/ModPerl/RegistryCooker.pm.orig ModPerl-Registry/lib/ModPerl/RegistryCooker.pm
+--- ModPerl-Registry/lib/ModPerl/RegistryCooker.pm.orig	2006-11-19 18:31:41.000000000 -0500
++++ ModPerl-Registry/lib/ModPerl/RegistryCooker.pm	2007-03-30 19:08:05.000000000 -0400
+@@ -337,7 +337,7 @@ sub namespace_from_uri {
+     my $self = shift;
+ 
+     my $path_info = $self->{REQ}->path_info;
+-    my $script_name = $path_info && $self->{URI} =~ /$path_info$/
++    my $script_name = $path_info && $self->{URI} =~ /\Q$path_info\E$/
+         ? substr($self->{URI}, 0, length($self->{URI}) - length($path_info))
+         : $self->{URI};
+