1 files changed, 0 insertions, 125 deletions

diff --git a/debian/patches/CVE-2022-37436.patch b/debian/patches/CVE-2022-37436.patch
deleted file mode 100644
index a123959..0000000
--- a/debian/patches/CVE-2022-37436.patch
+++ /dev/null
@@ -1,125 +0,0 @@
-From 8b6d55f6a047acf62675e32606b037f5eea8ccc7 Mon Sep 17 00:00:00 2001
-From: Eric Covener <covener@apache.org>
-Date: Tue, 10 Jan 2023 13:20:09 +0000
-Subject: [PATCH] Merge r1906539 from trunk:
-
-fail on bad header
-
-Submitted By: covener
-Reviewed By: covener, rpluem, gbechis
-
-
-git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1906541 13f79535-47bb-0310-9956-ffa450edef68
----
- modules/proxy/mod_proxy_http.c | 46 ++++++++++++++++++++--------------
- server/protocol.c              |  2 ++
- 2 files changed, 29 insertions(+), 19 deletions(-)
-
---- a/modules/proxy/mod_proxy_http.c
-+++ b/modules/proxy/mod_proxy_http.c
-@@ -1011,7 +1011,7 @@
-  * any sense at all, since we depend on buffer still containing
-  * what was read by ap_getline() upon return.
-  */
--static void ap_proxy_read_headers(request_rec *r, request_rec *rr,
-+static apr_status_t ap_proxy_read_headers(request_rec *r, request_rec *rr,
-                                   char *buffer, int size,
-                                   conn_rec *c, int *pread_len)
- {
-@@ -1043,19 +1043,26 @@
-         rc = ap_proxygetline(tmp_bb, buffer, size, rr,
-                              AP_GETLINE_FOLD | AP_GETLINE_NOSPC_EOL, &len);
- 
--        if (len <= 0)
--            break;
- 
--        if (APR_STATUS_IS_ENOSPC(rc)) {
--            /* The header could not fit in the provided buffer, warn.
--             * XXX: falls through with the truncated header, 5xx instead?
--             */
--            int trunc = (len > 128 ? 128 : len) / 2;
--            ap_log_rerror(APLOG_MARK, APLOG_WARNING, rc, r, APLOGNO(10124)
--                    "header size is over the limit allowed by "
--                    "ResponseFieldSize (%d bytes). "
--                    "Bad response header: '%.*s[...]%s'",
--                    size, trunc, buffer, buffer + len - trunc);
-+        if (rc != APR_SUCCESS) {
-+            if (APR_STATUS_IS_ENOSPC(rc)) {
-+                int trunc = (len > 128 ? 128 : len) / 2;
-+                ap_log_rerror(APLOG_MARK, APLOG_WARNING, rc, r, APLOGNO(10124)
-+                        "header size is over the limit allowed by "
-+                        "ResponseFieldSize (%d bytes). "
-+                        "Bad response header: '%.*s[...]%s'",
-+                        size, trunc, buffer, buffer + len - trunc);
-+            }
-+            else {
-+                ap_log_rerror(APLOG_MARK, APLOG_WARNING, rc, r, APLOGNO(10404)
-+                              "Error reading headers from backend");
-+            }
-+            r->headers_out = NULL;
-+            return rc;
-+        }
-+
-+        if (len <= 0) {
-+            break;
-         }
-         else {
-             ap_log_rerror(APLOG_MARK, APLOG_TRACE4, 0, r, "%s", buffer);
-@@ -1078,7 +1085,7 @@
-                 if (psc->badopt == bad_error) {
-                     /* Nope, it wasn't even an extra HTTP header. Give up. */
-                     r->headers_out = NULL;
--                    return;
-+                    return APR_EINVAL;
-                 }
-                 else if (psc->badopt == bad_body) {
-                     /* if we've already started loading headers_out, then
-@@ -1092,13 +1099,13 @@
-                                       "in headers returned by %s (%s)",
-                                       r->uri, r->method);
-                         *pread_len = len;
--                        return;
-+                        return APR_SUCCESS;
-                     }
-                     else {
-                         ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(01099)
-                                       "No HTTP headers returned by %s (%s)",
-                                       r->uri, r->method);
--                        return;
-+                        return APR_SUCCESS;
-                     }
-                 }
-             }
-@@ -1128,6 +1135,7 @@
-         process_proxy_header(r, dconf, buffer, value);
-         saw_headers = 1;
-     }
-+    return APR_SUCCESS;
- }
- 
- 
-@@ -1398,10 +1406,10 @@
-                          "Set-Cookie", NULL);
- 
-             /* shove the headers direct into r->headers_out */
--            ap_proxy_read_headers(r, backend->r, buffer, response_field_size, origin,
--                                  &pread_len);
-+            rc = ap_proxy_read_headers(r, backend->r, buffer, response_field_size,
-+                                       origin, &pread_len);
- 
--            if (r->headers_out == NULL) {
-+            if (rc != APR_SUCCESS || r->headers_out == NULL) {
-                 ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(01106)
-                               "bad HTTP/%d.%d header returned by %s (%s)",
-                               major, minor, r->uri, r->method);
---- a/server/protocol.c
-+++ b/server/protocol.c
-@@ -508,6 +508,8 @@
-         /* PR#43039: We shouldn't accept NULL bytes within the line */
-         bytes_handled = strlen(*s);
-         if (bytes_handled < *read) {
-+            ap_log_data(APLOG_MARK, APLOG_DEBUG, ap_server_conf,
-+                        "NULL bytes in header", *s, *read, 0);
-             *read = bytes_handled;
-             if (rv == APR_SUCCESS) {
-                 rv = APR_EINVAL;