summaryrefslogtreecommitdiffstats
path: root/debian/patches/CVE-2021-34798.patch
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--debian/patches/CVE-2021-34798.patch40
1 files changed, 0 insertions, 40 deletions
diff --git a/debian/patches/CVE-2021-34798.patch b/debian/patches/CVE-2021-34798.patch
deleted file mode 100644
index bd6261a..0000000
--- a/debian/patches/CVE-2021-34798.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-Description: Initialize the request fields on read failure to avoid NULLs
-Origin: upstream, https://github.com/apache/httpd/commit/74c097f0,
- https://github.com/apache/httpd/commit/6945bb2
-Bug: https://security-tracker.debian.org/tracker/CVE-2021-34798
-Forwarded: not-needed
-Reviewed-By: Yadd <yadd@debian.org>
-Last-Update: 2021-09-21
-
---- a/server/protocol.c
-+++ b/server/protocol.c
-@@ -643,6 +643,8 @@
- return end - field;
- }
-
-+static const char m_invalid_str[] = "-";
-+
- static int read_request_line(request_rec *r, apr_bucket_brigade *bb)
- {
- enum {
-@@ -685,6 +687,11 @@
- if (rv != APR_SUCCESS) {
- r->request_time = apr_time_now();
-
-+ /* Fall through with an invalid (non NULL) request */
-+ r->method = m_invalid_str;
-+ r->method_number = M_INVALID;
-+ r->uri = r->unparsed_uri = apr_pstrdup(r->pool, "-");
-+
- /* ap_rgetline returns APR_ENOSPC if it fills up the
- * buffer before finding the end-of-line. This is only going to
- * happen if it exceeds the configured limit for a request-line.
-@@ -1330,7 +1337,7 @@
- "request failed: client's request-line exceeds LimitRequestLine (longer than %d)",
- r->server->limit_req_line);
- }
-- else if (r->method == NULL) {
-+ else if (r->method == m_invalid_str) {
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(00566)
- "request failed: malformed request line");
- }