1 files changed, 27 insertions, 0 deletions

diff --git a/debian/patches/CVE-2020-35452.patch b/debian/patches/CVE-2020-35452.patch
new file mode 100644
index 0000000..5204210
--- /dev/null
+++ b/debian/patches/CVE-2020-35452.patch
@@ -0,0 +1,27 @@
+Description: <short summary of the patch>
+Author: Apache authors
+Origin: upstream, https://github.com/apache/httpd/commit/3b6431e
+Bug: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-35452
+Forwarded: not-needed
+Reviewed-By: Yadd <yadd@debian.org>
+Last-Update: 2021-06-10
+
+--- a/modules/aaa/mod_auth_digest.c
++++ b/modules/aaa/mod_auth_digest.c
+@@ -1422,9 +1422,14 @@
+     time_rec nonce_time;
+     char tmp, hash[NONCE_HASH_LEN+1];
+ 
+-    if (strlen(resp->nonce) != NONCE_LEN) {
++    /* Since the time part of the nonce is a base64 encoding of an
++     * apr_time_t (8 bytes), it should end with a '=', fail early otherwise.
++     */
++    if (strlen(resp->nonce) != NONCE_LEN
++            || resp->nonce[NONCE_TIME_LEN - 1] != '=') {
+         ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01775)
+-                      "invalid nonce %s received - length is not %d",
++                      "invalid nonce '%s' received - length is not %d "
++                      "or time encoding is incorrect",
+                       resp->nonce, NONCE_LEN);
+         note_digest_auth_failure(r, conf, resp, 1);
+         return HTTP_UNAUTHORIZED;