File: cve-2025-48866.patch

modsecurity-apache 2.9.7-1+deb12u1
  • area: main
  • in suites: bookworm
  • size: 10,440 kB
  • sloc: ansic: 51,935; sh: 4,516; perl: 2,340; cpp: 1,930; makefile: 620; xml: 6
Description: Patch for CVE-2025-48866
Author: Ervin Hegedüs <airween@gmail.com>
Last-Update: 2025-06-03
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/apache2/re_actions.c
+++ b/apache2/re_actions.c
@@ -1348,8 +1348,9 @@
     for (i = 0; i < tarr->nelts; i++) {
         msc_arg *arg = (msc_arg *)telts[i].val;
 
-        if (strcasecmp(sargname, arg->name) == 0) {
+        if (arg->marked_for_sanitization == 0 && strcasecmp(sargname, arg->name) == 0) {
             apr_table_addn(msr->arguments_to_sanitize, arg->name, (void *)arg);
+            arg->marked_for_sanitization = 1;
         }
     }
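
Review bot: The new guard on the `if` line reads `arg->marked_for_sanitization`, but this patch only touches `apache2/re_actions.c`, so nothing visible here shows that field being declared in `msc_arg` or set to 0 when arguments are created. Please confirm both: if the flag can start out non-zero, the guard would skip an argument that was never added to `msr->arguments_to_sanitize`, and it would then go unsanitised. A short comment above the condition would also help, noting that `apr_table_addn` appends rather than replaces, so without the flag every repeated match on the same name adds another entry to the table. Finally, the DEP-3 header says only "Patch for CVE-2025-48866"; a sentence describing the problem and an `Origin:` field pointing at the upstream change would make the patch easier to audit later.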