1 files changed, 40 insertions, 0 deletions

diff --git a/debian/patches/CVE-2021-34798.patch b/debian/patches/CVE-2021-34798.patch
new file mode 100644
index 0000000..bd6261a
--- /dev/null
+++ b/debian/patches/CVE-2021-34798.patch
@@ -0,0 +1,40 @@
+Description: Initialize the request fields on read failure to avoid NULLs
+Origin: upstream, https://github.com/apache/httpd/commit/74c097f0,
+ https://github.com/apache/httpd/commit/6945bb2
+Bug: https://security-tracker.debian.org/tracker/CVE-2021-34798
+Forwarded: not-needed
+Reviewed-By: Yadd <yadd@debian.org>
+Last-Update: 2021-09-21
+
+--- a/server/protocol.c
++++ b/server/protocol.c
+@@ -643,6 +643,8 @@
+     return end - field;
+ }
+ 
++static const char m_invalid_str[] = "-";
++
+ static int read_request_line(request_rec *r, apr_bucket_brigade *bb)
+ {
+     enum {
+@@ -685,6 +687,11 @@
+         if (rv != APR_SUCCESS) {
+             r->request_time = apr_time_now();
+ 
++            /* Fall through with an invalid (non NULL) request */
++            r->method = m_invalid_str;
++            r->method_number = M_INVALID;
++            r->uri = r->unparsed_uri = apr_pstrdup(r->pool, "-");
++
+             /* ap_rgetline returns APR_ENOSPC if it fills up the
+              * buffer before finding the end-of-line.  This is only going to
+              * happen if it exceeds the configured limit for a request-line.
+@@ -1330,7 +1337,7 @@
+                               "request failed: client's request-line exceeds LimitRequestLine (longer than %d)",
+                               r->server->limit_req_line);
+             }
+-            else if (r->method == NULL) {
++            else if (r->method == m_invalid_str) {
+                 ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(00566)
+                               "request failed: malformed request line");
+             }