Diffstat (limited to 'debian/patches/CVE-2019-10097.patch')
-rw-r--r-- | debian/patches/CVE-2019-10097.patch | 72 |
1 files changed, 0 insertions, 72 deletions
diff --git a/debian/patches/CVE-2019-10097.patch b/debian/patches/CVE-2019-10097.patch
deleted file mode 100644
index 0be05f5..0000000
--- a/debian/patches/CVE-2019-10097.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-Description: Fix for CVE-2019-10097
-Author: jorton
-Origin: upstream, https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1864613
-Bug: https://security-tracker.debian.org/tracker/CVE-2019-10097
-Forwarded: not-needed
-Reviewed-By: Xavier Guimard <yadd@debian.org>
-Last-Update: 2019-08-17
-
---- a/modules/metadata/mod_remoteip.c
-+++ b/modules/metadata/mod_remoteip.c
-@@ -987,15 +987,13 @@
- return HDR_ERROR;
- #endif
- default:
-- /* unsupported protocol, keep local connection address */
-- return HDR_DONE;
-+ /* unsupported protocol */
-+ ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(10183)
-+ "RemoteIPProxyProtocol: unsupported protocol %.2hx",
-+ (unsigned short)hdr->v2.fam);
-+ return HDR_ERROR;
- }
- break; /* we got a sockaddr now */
--
-- case 0x00: /* LOCAL command */
-- /* keep local connection address for LOCAL */
-- return HDR_DONE;
--
- default:
- /* not a supported command */
- ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(03507)
-@@ -1087,11 +1085,24 @@
- /* try to read a header's worth of data */
- while (!ctx->done) {
- if (APR_BRIGADE_EMPTY(ctx->bb)) {
-- ret = ap_get_brigade(f->next, ctx->bb, ctx->mode, block,
-- ctx->need - ctx->rcvd);
-+ apr_off_t got, want = ctx->need - ctx->rcvd;
-+
-+ ret = ap_get_brigade(f->next, ctx->bb, ctx->mode, block, want);
- if (ret != APR_SUCCESS) {
-+ ap_log_cerror(APLOG_MARK, APLOG_ERR, ret, f->c, APLOGNO(10184)
-+ "failed reading input");
- return ret;
- }
-+
-+ ret = apr_brigade_length(ctx->bb, 1, &got);
-+ if (ret || got > want) {
-+ ap_log_cerror(APLOG_MARK, APLOG_ERR, ret, f->c, APLOGNO(10185)
-+ "RemoteIPProxyProtocol header too long, "
-+ "got %" APR_OFF_T_FMT " expected %" APR_OFF_T_FMT,
-+ got, want);
-+ f->c->aborted = 1;
-+ return APR_ECONNABORTED;
-+ }
- }
- if (APR_BRIGADE_EMPTY(ctx->bb)) {
- return block == APR_NONBLOCK_READ ? APR_SUCCESS : APR_EOF;
-@@ -1139,6 +1150,13 @@
- if (ctx->rcvd >= MIN_V2_HDR_LEN) {
- ctx->need = MIN_V2_HDR_LEN +
- remoteip_get_v2_len((proxy_header *) ctx->header);
-+ if (ctx->need > sizeof(proxy_v2)) {
-+ ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, f->c, APLOGNO(10186)
-+ "RemoteIPProxyProtocol protocol header length too long");
-+ f->c->aborted = 1;
-+ apr_brigade_destroy(ctx->bb);
-+ return APR_ECONNABORTED;
-+ }
- }
- if (ctx->rcvd >= ctx->need) {
- psts = remoteip_process_v2_header(f->c, conn_conf, |