summaryrefslogtreecommitdiffstats
path: root/debian/patches/CVE-2022-23943-2.patch
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-07 02:04:07 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-07 02:04:07 +0000
commit1221c736f9a90756d47ea6d28320b6b83602dd2a (patch)
treeb453ba7b1393205258c9b098a773b4330984672f /debian/patches/CVE-2022-23943-2.patch
parentAdding upstream version 2.4.38. (diff)
downloadapache2-1221c736f9a90756d47ea6d28320b6b83602dd2a.tar.xz
apache2-1221c736f9a90756d47ea6d28320b6b83602dd2a.zip
Adding debian version 2.4.38-3+deb10u8.debian/2.4.38-3+deb10u8
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches/CVE-2022-23943-2.patch')
-rw-r--r--debian/patches/CVE-2022-23943-2.patch63
1 files changed, 63 insertions, 0 deletions
diff --git a/debian/patches/CVE-2022-23943-2.patch b/debian/patches/CVE-2022-23943-2.patch
new file mode 100644
index 0000000..bcf883c
--- /dev/null
+++ b/debian/patches/CVE-2022-23943-2.patch
@@ -0,0 +1,63 @@
+From e266bd09c313a668d7cca17a8b096d189148be49 Mon Sep 17 00:00:00 2001
+From: Ruediger Pluem <rpluem@apache.org>
+Date: Wed, 9 Mar 2022 07:41:40 +0000
+Subject: [PATCH] Merge r1898735 from trunk:
+
+* Improve the logic flow
+
+Reviewed by: rpluem, covener, ylavic
+
+
+git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1898772 13f79535-47bb-0310-9956-ffa450edef68
+---
+ modules/filters/mod_sed.c | 30 +++++++++++++++++++-----------
+ 1 file changed, 19 insertions(+), 11 deletions(-)
+
+diff --git a/modules/filters/mod_sed.c b/modules/filters/mod_sed.c
+index 7092dd5e7f..4bdb4ce33a 100644
+--- a/modules/filters/mod_sed.c
++++ b/modules/filters/mod_sed.c
+@@ -168,21 +168,29 @@ static apr_status_t sed_write_output(void *dummy, char *buf, apr_size_t sz)
+ }
+ /* buffer is now full */
+ status = append_bucket(ctx, ctx->outbuf, ctx->bufsize);
+- /* old buffer is now used so allocate new buffer */
+- alloc_outbuf(ctx);
+- /* if size is bigger than the allocated buffer directly add to output
+- * brigade */
+- if ((status == APR_SUCCESS) && (sz >= ctx->bufsize)) {
+- char* newbuf = apr_pmemdup(ctx->tpool, buf, sz);
+- status = append_bucket(ctx, newbuf, sz);
+- /* pool might get clear after append_bucket */
+- if (ctx->outbuf == NULL) {
++ if (status == APR_SUCCESS) {
++ /* if size is bigger than the allocated buffer directly add to output
++ * brigade */
++ if (sz >= ctx->bufsize) {
++ char* newbuf = apr_pmemdup(ctx->tpool, buf, sz);
++ status = append_bucket(ctx, newbuf, sz);
++ if (status == APR_SUCCESS) {
++ /* old buffer is now used so allocate new buffer */
++ alloc_outbuf(ctx);
++ }
++ else {
++ clear_ctxpool(ctx);
++ }
++ }
++ else {
++ /* old buffer is now used so allocate new buffer */
+ alloc_outbuf(ctx);
++ memcpy(ctx->curoutbuf, buf, sz);
++ ctx->curoutbuf += sz;
+ }
+ }
+ else {
+- memcpy(ctx->curoutbuf, buf, sz);
+- ctx->curoutbuf += sz;
++ clear_ctxpool(ctx);
+ }
+ }
+ else {
+--
+2.30.2
+