diff options
Diffstat (limited to 'debian/patches/CVE-2022-23943-2.patch')
-rw-r--r-- | debian/patches/CVE-2022-23943-2.patch | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/debian/patches/CVE-2022-23943-2.patch b/debian/patches/CVE-2022-23943-2.patch new file mode 100644 index 0000000..bcf883c --- /dev/null +++ b/debian/patches/CVE-2022-23943-2.patch @@ -0,0 +1,63 @@ +From e266bd09c313a668d7cca17a8b096d189148be49 Mon Sep 17 00:00:00 2001 +From: Ruediger Pluem <rpluem@apache.org> +Date: Wed, 9 Mar 2022 07:41:40 +0000 +Subject: [PATCH] Merge r1898735 from trunk: + +* Improve the logic flow + +Reviewed by: rpluem, covener, ylavic + + +git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1898772 13f79535-47bb-0310-9956-ffa450edef68 +--- + modules/filters/mod_sed.c | 30 +++++++++++++++++++----------- + 1 file changed, 19 insertions(+), 11 deletions(-) + +diff --git a/modules/filters/mod_sed.c b/modules/filters/mod_sed.c +index 7092dd5e7f..4bdb4ce33a 100644 +--- a/modules/filters/mod_sed.c ++++ b/modules/filters/mod_sed.c +@@ -168,21 +168,29 @@ static apr_status_t sed_write_output(void *dummy, char *buf, apr_size_t sz) + } + /* buffer is now full */ + status = append_bucket(ctx, ctx->outbuf, ctx->bufsize); +- /* old buffer is now used so allocate new buffer */ +- alloc_outbuf(ctx); +- /* if size is bigger than the allocated buffer directly add to output +- * brigade */ +- if ((status == APR_SUCCESS) && (sz >= ctx->bufsize)) { +- char* newbuf = apr_pmemdup(ctx->tpool, buf, sz); +- status = append_bucket(ctx, newbuf, sz); +- /* pool might get clear after append_bucket */ +- if (ctx->outbuf == NULL) { ++ if (status == APR_SUCCESS) { ++ /* if size is bigger than the allocated buffer directly add to output ++ * brigade */ ++ if (sz >= ctx->bufsize) { ++ char* newbuf = apr_pmemdup(ctx->tpool, buf, sz); ++ status = append_bucket(ctx, newbuf, sz); ++ if (status == APR_SUCCESS) { ++ /* old buffer is now used so allocate new buffer */ ++ alloc_outbuf(ctx); ++ } ++ else { ++ clear_ctxpool(ctx); ++ } ++ } ++ else { ++ /* old buffer is now used so allocate new buffer */ + alloc_outbuf(ctx); ++ memcpy(ctx->curoutbuf, buf, sz); ++ ctx->curoutbuf += sz; + } + } + else { +- memcpy(ctx->curoutbuf, buf, sz); +- ctx->curoutbuf += sz; ++ clear_ctxpool(ctx); + } + } + else { +-- +2.30.2 + |