author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-07 02:04:07 +0000 |
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-07 02:04:07 +0000 |
commit | 1221c736f9a90756d47ea6d28320b6b83602dd2a (patch) | |
tree | b453ba7b1393205258c9b098a773b4330984672f /debian/patches/CVE-2020-11984.patch | |
parent | Adding upstream version 2.4.38. (diff) | |
Adding debian version 2.4.38-3+deb10u8.debian/2.4.38-3+deb10u8debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches/CVE-2020-11984.patch')
-rw-r--r-- | debian/patches/CVE-2020-11984.patch | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/debian/patches/CVE-2020-11984.patch b/debian/patches/CVE-2020-11984.patch
new file mode 100644
index 0000000..409f958
--- /dev/null
+++ b/debian/patches/CVE-2020-11984.patch
@@ -0,0 +1,45 @@
+Description: fix error out on HTTP header larger than 16K
+ The uwsgi protocol does not let us serialize more than 16K of HTTP header,
+ so fail early with 500 if it happens.
+Author: ylavic
+Origin: upstream, https://github.com/apache/httpd/commit/0c543e3f
+Bug: https://security-tracker.debian.org/tracker/CVE-2020-11984
+Forwarded: not-needed
+Reviewed-By: Xavier Guimard <yadd@debian.org>
+Last-Update: 2020-08-25
+
+--- a/modules/proxy/mod_proxy_uwsgi.c
++++ b/modules/proxy/mod_proxy_uwsgi.c
+@@ -136,7 +136,7 @@
+ int j;
+
+ apr_size_t headerlen = 4;
+- apr_uint16_t pktsize, keylen, vallen;
++ apr_size_t pktsize, keylen, vallen;
+ const char *script_name;
+ const char *path_info;
+ const char *auth;
+@@ -177,6 +177,14 @@
+ for (j = 0; j < env_table->nelts; ++j) {
+ headerlen += 2 + strlen(env[j].key) + 2 + strlen(env[j].val);
+ }
++ pktsize = headerlen - 4;
++ if (pktsize > APR_UINT16_MAX) {
++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10259)
++ "can't send headers to %s:%u: packet size too "
++ "large (%" APR_SIZE_T_FMT ")",
++ conn->hostname, conn->port, pktsize);
++ return HTTP_INTERNAL_SERVER_ERROR;
++ }
+
+ ptr = buf = apr_palloc(r->pool, headerlen);
+
+@@ -196,8 +204,6 @@
+ ptr += vallen;
+ }
+
+- pktsize = headerlen - 4;
+-
+ buf[0] = 0;
+ buf[1] = (apr_byte_t) (pktsize & 0xff);
+ buf[2] = (apr_byte_t) ((pktsize >> 8) & 0xff);
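Review bot: The guard `if (pktsize > APR_UINT16_MAX)` in the second inner hunk is also what keeps the per-header `keylen`/`vallen` values within the 2-byte fields that the `2 + strlen(env[j].key) + 2 + strlen(env[j].val)` accounting reserves — each of them is strictly smaller than pktsize — but nothing in the code records that dependency, so a later change could narrow those types again without tripping anything. A comment above the check such as `/* uwsgi carries the packet size in a 16-bit field; bounding pktsize here also keeps every keylen/vallen below 64K for the 2-byte per-header length fields */` would make the invariant explicit. The DEP-3 Description also understates the limit the code enforces: APR_UINT16_MAX is 65535, so the bound is 16 bits (64 KiB), not "16K". The enclosing C function begins before the first inner hunk and ends after the last one, so the points where keylen and vallen are actually serialized are not visible here.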