apache2/CVE-2025-66200.patch
Martin Jungblut Schreiner 356bfd0a6f Fix 4 bugs/CVEs.
- Fix the following bugs and CVEs:
  * bsc#1254511 / CVE-2025-55753
  * bsc#1254512 / CVE-2025-58098
  * bsc#1254514 / CVE-2025-65082
  * bsc#1254515 / CVE-2025-66200
- Add patches:
  * CVE-2025-55753.patch
  * CVE-2025-58098.patch
  * CVE-2025-65082.patch
  * CVE-2025-66200.patch
2025-12-16 21:16:44 +01:00


From 9d26b95787b229a3f6195d7beead774d131eeda1 Mon Sep 17 00:00:00 2001
From: Eric Covener <covener@apache.org>
Date: Mon, 1 Dec 2025 12:04:29 +0000
Subject: [PATCH] don't use request notes for suexec
also, stop accepting the obscure "note" option in
RequestHeader, it is only documented/described as being
meant for Header (output filter).
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1930164 13f79535-47bb-0310-9956-ffa450edef68
---
modules/mappers/mod_userdir.c | 4 ++--
modules/metadata/mod_headers.c | 6 +++++-
2 files changed, 7 insertions(+), 3 deletions(-)
Index: httpd-2.4.63/modules/mappers/mod_userdir.c
===================================================================
--- httpd-2.4.63.orig/modules/mappers/mod_userdir.c
+++ httpd-2.4.63/modules/mappers/mod_userdir.c
@@ -334,7 +334,7 @@ static int translate_userdir(request_rec
r->finfo = statbuf;
/* For use in the get_suexec_identity phase */
- apr_table_setn(r->notes, "mod_userdir_user", user);
+ ap_set_module_config(r->request_config, &userdir_module, (void *)user);
return OK;
}
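Review bot: The comment kept above the new `ap_set_module_config(r->request_config, &userdir_module, (void *)user);` line in translate_userdir says only that the value is for the get_suexec_identity phase, not why it must stay out of `r->notes`. Going by the commit message, the notes table could be written from outside this module, and this string is what get_suexec_identity later uses to pick the suexec identity. I would extend the comment to something like `/* Kept in request_config, not r->notes: notes are writable by other modules and directives, and this value selects the suexec identity. */` so a later cleanup does not move it back. The matching read in the next hunk (get_suexec_identity) would benefit from the same one-line reminder, and its `(const char*)` cast is not needed in C since `ap_get_module_config` yields a `void *`. Both function bodies start or end outside the hunks, so any other reader of the old `mod_userdir_user` note is not visible here and is worth checking.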
@@ -348,7 +348,7 @@ static ap_unix_identity_t *get_suexec_id
{
ap_unix_identity_t *ugid = NULL;
#if APR_HAS_USER
- const char *username = apr_table_get(r->notes, "mod_userdir_user");
+ const char *username = (const char*) ap_get_module_config(r->request_config, &userdir_module);
if (username == NULL) {
return NULL;