summaryrefslogtreecommitdiffstats
path: root/debian/patches/CVE-2020-11984.patch
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-07 02:04:07 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-07 02:04:07 +0000
commit1221c736f9a90756d47ea6d28320b6b83602dd2a (patch)
treeb453ba7b1393205258c9b098a773b4330984672f /debian/patches/CVE-2020-11984.patch
parentAdding upstream version 2.4.38. (diff)
downloadapache2-1221c736f9a90756d47ea6d28320b6b83602dd2a.tar.xz
apache2-1221c736f9a90756d47ea6d28320b6b83602dd2a.zip
Adding debian version 2.4.38-3+deb10u8.debian/2.4.38-3+deb10u8
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches/CVE-2020-11984.patch')
-rw-r--r--debian/patches/CVE-2020-11984.patch45
1 files changed, 45 insertions, 0 deletions
diff --git a/debian/patches/CVE-2020-11984.patch b/debian/patches/CVE-2020-11984.patch
new file mode 100644
index 0000000..409f958
--- /dev/null
+++ b/debian/patches/CVE-2020-11984.patch
@@ -0,0 +1,45 @@
+Description: fix error out on HTTP header larger than 16K
+ The uwsgi protocol does not let us serialize more than 16K of HTTP header,
+ so fail early with 500 if it happens.
+Author: ylavic
+Origin: upstream, https://github.com/apache/httpd/commit/0c543e3f
+Bug: https://security-tracker.debian.org/tracker/CVE-2020-11984
+Forwarded: not-needed
+Reviewed-By: Xavier Guimard <yadd@debian.org>
+Last-Update: 2020-08-25
+
+--- a/modules/proxy/mod_proxy_uwsgi.c
++++ b/modules/proxy/mod_proxy_uwsgi.c
+@@ -136,7 +136,7 @@
+ int j;
+
+ apr_size_t headerlen = 4;
+- apr_uint16_t pktsize, keylen, vallen;
++ apr_size_t pktsize, keylen, vallen;
+ const char *script_name;
+ const char *path_info;
+ const char *auth;
+@@ -177,6 +177,14 @@
+ for (j = 0; j < env_table->nelts; ++j) {
+ headerlen += 2 + strlen(env[j].key) + 2 + strlen(env[j].val);
+ }
++ pktsize = headerlen - 4;
++ if (pktsize > APR_UINT16_MAX) {
++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10259)
++ "can't send headers to %s:%u: packet size too "
++ "large (%" APR_SIZE_T_FMT ")",
++ conn->hostname, conn->port, pktsize);
++ return HTTP_INTERNAL_SERVER_ERROR;
++ }
+
+ ptr = buf = apr_palloc(r->pool, headerlen);
+
+@@ -196,8 +204,6 @@
+ ptr += vallen;
+ }
+
+- pktsize = headerlen - 4;
+-
+ buf[0] = 0;
+ buf[1] = (apr_byte_t) (pktsize & 0xff);
+ buf[2] = (apr_byte_t) ((pktsize >> 8) & 0xff);