diff options
Diffstat (limited to 'debian/patches/CVE-2021-36160-2.patch')
| -rw-r--r-- | debian/patches/CVE-2021-36160-2.patch | 32 |
1 files changed, 0 insertions, 32 deletions
diff --git a/debian/patches/CVE-2021-36160-2.patch b/debian/patches/CVE-2021-36160-2.patch deleted file mode 100644 index cad5774..0000000 --- a/debian/patches/CVE-2021-36160-2.patch +++ /dev/null @@ -1,32 +0,0 @@ -Description: mod_proxy_uwsgi: Remove duplicate slashes at the beginning of PATH_INFO. - Relaxes the behaviour introduced by the CVE-2021-36160 fix -Author: Stefan Eissing <icing@apache.org> -Origin: upstream, https://github.com/apache/httpd/commit/8966e290a -Forwarded: not-needed -Reviewed-By: Yadd <yadd@debian.org> -Last-Update: 2021-12-21 - ---- a/modules/proxy/mod_proxy_uwsgi.c -+++ b/modules/proxy/mod_proxy_uwsgi.c -@@ -467,11 +467,20 @@ - - /* ADD PATH_INFO (unescaped) */ - u_path_info = ap_strchr(url + sizeof(UWSGI_SCHEME) + 2, '/'); -- if (!u_path_info || ap_unescape_url(u_path_info) != OK) { -+ if (!u_path_info) { -+ u_path_info = apr_pstrdup(r->pool, "/"); -+ } -+ else if (ap_unescape_url(u_path_info) != OK) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10100) - "unable to decode uwsgi uri: %s", url); - return HTTP_INTERNAL_SERVER_ERROR; - } -+ else { -+ /* Remove duplicate slashes at the beginning of PATH_INFO */ -+ while (u_path_info[1] == '/') { -+ u_path_info++; -+ } -+ } - apr_table_add(r->subprocess_env, "PATH_INFO", u_path_info); - - |