diff options
Diffstat (limited to '')
| -rw-r--r-- | debian/patches/CVE-2022-29404.patch | 82 |
1 files changed, 0 insertions, 82 deletions
diff --git a/debian/patches/CVE-2022-29404.patch b/debian/patches/CVE-2022-29404.patch deleted file mode 100644 index 259e920..0000000 --- a/debian/patches/CVE-2022-29404.patch +++ /dev/null @@ -1,82 +0,0 @@ -From ce259c4061905bf834f9af51c92456cfe8335ddc Mon Sep 17 00:00:00 2001 -From: Eric Covener <covener@apache.org> -Date: Wed, 1 Jun 2022 12:31:48 +0000 -Subject: [PATCH] Merge r1901497 from trunk: - -use a liberal default limit for LimitRequestBody of 1GB - - -git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1901499 13f79535-47bb-0310-9956-ffa450edef68 -Origin: https://github.com/apache/httpd/commit/ce259c4061905bf834f9af51c92456cfe8335ddc ---- - modules/http/http_filters.c | 6 ++++++ - modules/proxy/mod_proxy_http.c | 14 -------------- - server/core.c | 2 +- - 3 files changed, 7 insertions(+), 15 deletions(-) - ---- a/modules/http/http_filters.c -+++ b/modules/http/http_filters.c -@@ -1657,6 +1657,7 @@ - { - const char *tenc = apr_table_get(r->headers_in, "Transfer-Encoding"); - const char *lenp = apr_table_get(r->headers_in, "Content-Length"); -+ apr_off_t limit_req_body = ap_get_limit_req_body(r); - - r->read_body = read_policy; - r->read_chunked = 0; -@@ -1695,6 +1696,11 @@ - return HTTP_REQUEST_ENTITY_TOO_LARGE; - } - -+ if (limit_req_body > 0 && (r->remaining > limit_req_body)) { -+ /* will be logged when the body is discarded */ -+ return HTTP_REQUEST_ENTITY_TOO_LARGE; -+ } -+ - #ifdef AP_DEBUG - { - /* Make sure ap_getline() didn't leave any droppings. */ ---- a/server/core.c -+++ b/server/core.c -@@ -61,7 +61,7 @@ - - /* LimitRequestBody handling */ - #define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1) --#define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 0) -+#define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 1<<30) /* 1GB */ - - /* LimitXMLRequestBody handling */ - #define AP_LIMIT_UNSET ((long) -1) ---- a/modules/proxy/mod_proxy_http.c -+++ b/modules/proxy/mod_proxy_http.c -@@ -512,12 +512,9 @@ - apr_bucket *e; - apr_off_t bytes, bytes_spooled = 0, fsize = 0; - apr_file_t *tmpfile = NULL; -- apr_off_t limit; - - body_brigade = apr_brigade_create(p, bucket_alloc); - -- limit = ap_get_limit_req_body(r); -- - while (!APR_BUCKET_IS_EOS(APR_BRIGADE_FIRST(input_brigade))) - { - /* If this brigade contains EOS, either stop or remove it. */ -@@ -532,17 +529,6 @@ - apr_brigade_length(input_brigade, 1, &bytes); - - if (bytes_spooled + bytes > MAX_MEM_SPOOL) { -- /* -- * LimitRequestBody does not affect Proxy requests (Should it?). -- * Let it take effect if we decide to store the body in a -- * temporary file on disk. -- */ -- if (limit && (bytes_spooled + bytes > limit)) { -- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01088) -- "Request body is larger than the configured " -- "limit of %" APR_OFF_T_FMT, limit); -- return HTTP_REQUEST_ENTITY_TOO_LARGE; -- } - /* can't spool any more in memory; write latest brigade to disk */ - if (tmpfile == NULL) { - const char *temp_dir; |