Diffstat (limited to 'debian/patches/CVE-2021-36160.patch')
-rw-r--r-- | debian/patches/CVE-2021-36160.patch | 51 |
1 files changed, 0 insertions, 51 deletions
diff --git a/debian/patches/CVE-2021-36160.patch b/debian/patches/CVE-2021-36160.patch
deleted file mode 100644
index fcd8087..0000000
--- a/debian/patches/CVE-2021-36160.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-Description: mod_proxy_uwsgi: Fix PATH_INFO setting for generic worker
-Author: Yann Ylavic <ylavic@apache.org>
-Origin: upstream, https://github.com/apache/httpd/commit/b364cad7
-Bug: https://security-tracker.debian.org/tracker/CVE-2021-36160
-Forwarded: not-needed
-Reviewed-By: Yadd <yadd@debian.org>
-Last-Update: 2021-09-21
-
---- a/modules/proxy/mod_proxy_uwsgi.c
-+++ b/modules/proxy/mod_proxy_uwsgi.c
-@@ -452,11 +452,8 @@
- const char *proxyname, apr_port_t proxyport)
- {
- int status;
-- int delta = 0;
-- int decode_status;
- proxy_conn_rec *backend = NULL;
- apr_pool_t *p = r->pool;
-- size_t w_len;
- char server_portstr[32];
- char *u_path_info;
- apr_uri_t *uri;
-@@ -468,23 +465,14 @@
-
- uri = apr_palloc(r->pool, sizeof(*uri));
-
-- /* ADD PATH_INFO */
--#if AP_MODULE_MAGIC_AT_LEAST(20111130,0)
-- w_len = strlen(worker->s->name);
--#else
-- w_len = strlen(worker->name);
--#endif
-- u_path_info = r->filename + 6 + w_len;
-- if (u_path_info[0] != '/') {
-- delta = 1;
-- }
-- decode_status = ap_unescape_url(url + w_len - delta);
-- if (decode_status) {
-+ /* ADD PATH_INFO (unescaped) */
-+ u_path_info = ap_strchr(url + sizeof(UWSGI_SCHEME) + 2, '/');
-+ if (!u_path_info || ap_unescape_url(u_path_info) != OK) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10100)
-- "unable to decode uri: %s", url + w_len - delta);
-+ "unable to decode uwsgi uri: %s", url);
- return HTTP_INTERNAL_SERVER_ERROR;
- }
-- apr_table_add(r->subprocess_env, "PATH_INFO", url + w_len - delta);
-+ apr_table_add(r->subprocess_env, "PATH_INFO", u_path_info);
-
-
- /* Create space for state information */ |