summaryrefslogtreecommitdiffstats
path: root/debian/patches/CVE-2019-0220-2.patch
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--debian/patches/CVE-2019-0220-2.patch50
1 files changed, 50 insertions, 0 deletions
diff --git a/debian/patches/CVE-2019-0220-2.patch b/debian/patches/CVE-2019-0220-2.patch
new file mode 100644
index 0000000..0204259
--- /dev/null
+++ b/debian/patches/CVE-2019-0220-2.patch
@@ -0,0 +1,50 @@
+From c4ef468b25718a26f2b92cbea3ca093729b79331 Mon Sep 17 00:00:00 2001
+From: Eric Covener <covener@apache.org>
+Date: Mon, 18 Mar 2019 12:10:15 +0000
+Subject: [PATCH] merge 1855743,1855744 ^/httpd/httpd/trunk .
+
+r->parsed_uri.path safety in recent backport
+
+*) core: fix SEGFAULT in CONNECT with recent change
+ 2.4.x: svn merge -c 1855743,1855744 ^/httpd/httpd/trunk .
+ +1: rpluem, icing, covener
+
+
+
+
+git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1855751 13f79535-47bb-0310-9956-ffa450edef68
+---
+ server/request.c | 4 +++-
+ server/util.c | 4 ++++
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/server/request.c b/server/request.c
+index 1ce8908824b..d5c558afa30 100644
+--- a/server/request.c
++++ b/server/request.c
+@@ -195,7 +195,9 @@ AP_DECLARE(int) ap_process_request_internal(request_rec *r)
+ ap_getparents(r->uri); /* OK --- shrinking transformations... */
+ if (sconf->merge_slashes != AP_CORE_CONFIG_OFF) {
+ ap_no2slash(r->uri);
+- ap_no2slash(r->parsed_uri.path);
++ if (r->parsed_uri.path) {
++ ap_no2slash(r->parsed_uri.path);
++ }
+ }
+
+ /* All file subrequests are a huge pain... they cannot bubble through the
+diff --git a/server/util.c b/server/util.c
+index 607c4850d86..f3b17f1581e 100644
+--- a/server/util.c
++++ b/server/util.c
+@@ -566,6 +566,10 @@ AP_DECLARE(void) ap_no2slash_ex(char *name, int is_fs_path)
+
+ char *d, *s;
+
++ if (!name || !*name) {
++ return;
++ }
++
+ s = d = name;
+
+ #ifdef HAVE_UNC_PATHS