summaryrefslogtreecommitdiffstats
path: root/debian/patches/CVE-2021-44790.patch
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-07 02:04:07 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-07 02:04:07 +0000
commit1221c736f9a90756d47ea6d28320b6b83602dd2a (patch)
treeb453ba7b1393205258c9b098a773b4330984672f /debian/patches/CVE-2021-44790.patch
parentAdding upstream version 2.4.38. (diff)
downloadapache2-f35b715de7e7c7bbfee87ecb39ca91936e294a35.tar.xz
apache2-f35b715de7e7c7bbfee87ecb39ca91936e294a35.zip
Adding debian version 2.4.38-3+deb10u8.debian/2.4.38-3+deb10u8
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches/CVE-2021-44790.patch')
-rw-r--r--debian/patches/CVE-2021-44790.patch18
1 files changed, 18 insertions, 0 deletions
diff --git a/debian/patches/CVE-2021-44790.patch b/debian/patches/CVE-2021-44790.patch
new file mode 100644
index 0000000..dbba745
--- /dev/null
+++ b/debian/patches/CVE-2021-44790.patch
@@ -0,0 +1,18 @@
+Description: Improve error handling
+Author: Stefan Eissing <icing@apache.org>
+Origin: upstream, https://github.com/apache/httpd/commit/07b9768c
+Bug: https://security-tracker.debian.org/tracker/CVE-2021-44790
+Forwarded: not-needed
+Reviewed-By: Yadd <yadd@debian.org>
+Last-Update: 2021-12-21
+
+--- a/modules/lua/lua_request.c
++++ b/modules/lua/lua_request.c
+@@ -376,6 +376,7 @@
+ if (end == NULL) break;
+ key = (char *) apr_pcalloc(r->pool, 256);
+ filename = (char *) apr_pcalloc(r->pool, 256);
++ if (end - crlf <= 8) break;
+ vlen = end - crlf - 8;
+ buffer = (char *) apr_pcalloc(r->pool, vlen+1);
+ memcpy(buffer, crlf + 4, vlen);