summaryrefslogtreecommitdiffstats
path: root/debian/patches/CVE-2021-26691.patch
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-07 02:04:07 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-07 02:04:07 +0000
commit1221c736f9a90756d47ea6d28320b6b83602dd2a (patch)
treeb453ba7b1393205258c9b098a773b4330984672f /debian/patches/CVE-2021-26691.patch
parentAdding upstream version 2.4.38. (diff)
downloadapache2-debian/2.4.38-3+deb10u8.tar.xz
apache2-debian/2.4.38-3+deb10u8.zip
Adding debian version 2.4.38-3+deb10u8.debian/2.4.38-3+deb10u8
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches/CVE-2021-26691.patch')
-rw-r--r--debian/patches/CVE-2021-26691.patch18
1 files changed, 18 insertions, 0 deletions
diff --git a/debian/patches/CVE-2021-26691.patch b/debian/patches/CVE-2021-26691.patch
new file mode 100644
index 0000000..7b96fad
--- /dev/null
+++ b/debian/patches/CVE-2021-26691.patch
@@ -0,0 +1,18 @@
+Description: mod_session: account for the '&' in identity_concat().
+Author: Apache authors
+Origin: upstream, https://github.com/apache/httpd/commit/7e09dd71
+Forwarded: not-needed
+Reviewed-By: Yadd <yadd@debian.org>
+Last-Update: 2021-06-10
+
+--- a/modules/session/mod_session.c
++++ b/modules/session/mod_session.c
+@@ -305,7 +305,7 @@
+ static int identity_count(void *v, const char *key, const char *val)
+ {
+ int *count = v;
+- *count += strlen(key) * 3 + strlen(val) * 3 + 1;
++ *count += strlen(key) * 3 + strlen(val) * 3 + 2;
+ return 1;
+ }
+