Diffstat (limited to 'debian/patches/CVE-2021-44790.patch')
-rw-r--r--debian/patches/CVE-2021-44790.patch18
1 files changed, 18 insertions, 0 deletions
diff --git a/debian/patches/CVE-2021-44790.patch b/debian/patches/CVE-2021-44790.patch
new file mode 100644
index 0000000..dbba745
--- /dev/null
+++ b/debian/patches/CVE-2021-44790.patch
@@ -0,0 +1,18 @@
+Description: Improve error handling
+Author: Stefan Eissing <icing@apache.org>
+Origin: upstream, https://github.com/apache/httpd/commit/07b9768c
+Bug: https://security-tracker.debian.org/tracker/CVE-2021-44790
+Forwarded: not-needed
+Reviewed-By: Yadd <yadd@debian.org>
+Last-Update: 2021-12-21
+
+--- a/modules/lua/lua_request.c
++++ b/modules/lua/lua_request.c
+@@ -376,6 +376,7 @@
+ if (end == NULL) break;
+ key = (char *) apr_pcalloc(r->pool, 256);
+ filename = (char *) apr_pcalloc(r->pool, 256);
++ if (end - crlf <= 8) break;
+ vlen = end - crlf - 8;
+ buffer = (char *) apr_pcalloc(r->pool, vlen+1);
+ memcpy(buffer, crlf + 4, vlen);
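Review bot: The DEP-3 header `Description: Improve error handling` does not say what the added guard protects against, which makes this CVE patch hard to audit from the patch series alone. The new line `if (end - crlf <= 8) break;` sits directly before `vlen = end - crlf - 8;`, and that value sizes both the `apr_pcalloc` and the `memcpy` from `crlf + 4`, so the guard appears to stop a too-short part from producing a zero or negative length (vlen's type is not visible here; if it is unsigned, the subtraction would wrap to a very large copy size). I would word the header as `Description: mod_lua: stop parsing when a part is too short to compute vlen (CVE-2021-44790)`. Because the guard uses `break` and also fires when the difference is exactly 8, a part with an empty value seems to end processing of any remaining parts; that matches the cited upstream commit but deserves a sentence in the description. The enclosing block starts and ends outside the embedded hunk, so the `break` target cannot be confirmed from here.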