diff options
Diffstat (limited to '')
-rw-r--r-- | debian/patches/CVE-2021-34798.patch | 40 |
1 files changed, 0 insertions, 40 deletions
diff --git a/debian/patches/CVE-2021-34798.patch b/debian/patches/CVE-2021-34798.patch deleted file mode 100644 index bd6261a..0000000 --- a/debian/patches/CVE-2021-34798.patch +++ /dev/null @@ -1,40 +0,0 @@ -Description: Initialize the request fields on read failure to avoid NULLs -Origin: upstream, https://github.com/apache/httpd/commit/74c097f0, - https://github.com/apache/httpd/commit/6945bb2 -Bug: https://security-tracker.debian.org/tracker/CVE-2021-34798 -Forwarded: not-needed -Reviewed-By: Yadd <yadd@debian.org> -Last-Update: 2021-09-21 - ---- a/server/protocol.c -+++ b/server/protocol.c -@@ -643,6 +643,8 @@ - return end - field; - } - -+static const char m_invalid_str[] = "-"; -+ - static int read_request_line(request_rec *r, apr_bucket_brigade *bb) - { - enum { -@@ -685,6 +687,11 @@ - if (rv != APR_SUCCESS) { - r->request_time = apr_time_now(); - -+ /* Fall through with an invalid (non NULL) request */ -+ r->method = m_invalid_str; -+ r->method_number = M_INVALID; -+ r->uri = r->unparsed_uri = apr_pstrdup(r->pool, "-"); -+ - /* ap_rgetline returns APR_ENOSPC if it fills up the - * buffer before finding the end-of-line. This is only going to - * happen if it exceeds the configured limit for a request-line. -@@ -1330,7 +1337,7 @@ - "request failed: client's request-line exceeds LimitRequestLine (longer than %d)", - r->server->limit_req_line); - } -- else if (r->method == NULL) { -+ else if (r->method == m_invalid_str) { - ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(00566) - "request failed: malformed request line"); - } |