From 1221c736f9a90756d47ea6d28320b6b83602dd2a Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Tue, 7 May 2024 04:04:07 +0200
Subject: Adding debian version 2.4.38-3+deb10u8.
Signed-off-by: Daniel Baumann
---
 debian/patches/CVE-2020-11984.patch | 45 +++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100644 debian/patches/CVE-2020-11984.patch
(limited to 'debian/patches/CVE-2020-11984.patch')
diff --git a/debian/patches/CVE-2020-11984.patch b/debian/patches/CVE-2020-11984.patch
new file mode 100644
index 0000000..409f958
--- /dev/null
+++ b/debian/patches/CVE-2020-11984.patch
@@ -0,0 +1,45 @@
+Description: fix error out on HTTP header larger than 16K
+ The uwsgi protocol does not let us serialize more than 16K of HTTP header,
+ so fail early with 500 if it happens.
+Author: ylavic
+Origin: upstream, https://github.com/apache/httpd/commit/0c543e3f
+Bug: https://security-tracker.debian.org/tracker/CVE-2020-11984
+Forwarded: not-needed
+Reviewed-By: Xavier Guimard
+Last-Update: 2020-08-25
+
+--- a/modules/proxy/mod_proxy_uwsgi.c
++++ b/modules/proxy/mod_proxy_uwsgi.c
+@@ -136,7 +136,7 @@
+ int j;
+
+ apr_size_t headerlen = 4;
+- apr_uint16_t pktsize, keylen, vallen;
++ apr_size_t pktsize, keylen, vallen;
+ const char *script_name;
+ const char *path_info;
+ const char *auth;
+@@ -177,6 +177,14 @@
+ for (j = 0; j < env_table->nelts; ++j) {
+ headerlen += 2 + strlen(env[j].key) + 2 + strlen(env[j].val);
+ }
++ pktsize = headerlen - 4;
++ if (pktsize > APR_UINT16_MAX) {
++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10259)
++ "can't send headers to %s:%u: packet size too "
++ "large (%" APR_SIZE_T_FMT ")",
++ conn->hostname, conn->port, pktsize);
++ return HTTP_INTERNAL_SERVER_ERROR;
++ }
+
+ ptr = buf = apr_palloc(r->pool, headerlen);
+
+@@ -196,8 +204,6 @@
+ ptr += vallen;
+ }
+
+- pktsize = headerlen - 4;
+-
+ buf[0] = 0;
+ buf[1] = (apr_byte_t) (pktsize & 0xff);
+ buf[2] = (apr_byte_t) ((pktsize >> 8) & 0xff);
-- cgit v1.2.3
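Review bot: The DEP-3 Description in the new patch file states the limit as 16K, but the guard added in the second embedded hunk rejects only `pktsize > APR_UINT16_MAX`, i.e. more than 65535 bytes, which is exactly the capacity of the two-byte length that the third embedded hunk writes into buf[1] and buf[2]; a wording such as `Description: fail with 500 when the uwsgi header packet exceeds its 16-bit size field (64K)` would match the code. Widening keylen and vallen to apr_size_t alongside pktsize is consistent with the new check, because headerlen counts every key and value in the loop, so each individual length is bounded by the same limit before anything is serialized. The lines that pack keylen and vallen into their own two-byte fields lie between the second and third embedded hunks and are not visible here, so that they still cast to a byte pair is inferred, not verified. The enclosing function starts and ends outside the embedded hunks.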