Diffstat (limited to 'debian/patches/CVE-2022-26377.patch')
-rw-r--r-- | debian/patches/CVE-2022-26377.patch | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/debian/patches/CVE-2022-26377.patch b/debian/patches/CVE-2022-26377.patch
new file mode 100644
index 0000000..af59776
--- /dev/null
+++ b/debian/patches/CVE-2022-26377.patch
@@ -0,0 +1,39 @@
+From f7f15f3d8bfe3032926c8c39eb8434529f680bd4 Mon Sep 17 00:00:00 2001
+From: Yann Ylavic <ylavic@apache.org>
+Date: Wed, 1 Jun 2022 13:48:21 +0000
+Subject: [PATCH] mod_proxy_ajp: T-E has precedence over C-L.
+
+Merge r1901521 from trunk.
+Submitted by: rpluem
+
+
+git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1901522 13f79535-47bb-0310-9956-ffa450edef68
+Origin: https://github.com/apache/httpd/commit/f7f15f3d8bfe3032926c8c39eb8434529f680bd4
+---
+ modules/proxy/mod_proxy_ajp.c | 15 ++++++++++++---
+ 1 file changed, 12 insertions(+), 3 deletions(-)
+
+--- a/modules/proxy/mod_proxy_ajp.c
++++ b/modules/proxy/mod_proxy_ajp.c
+@@ -245,9 +245,18 @@
+ /* read the first bloc of data */
+ input_brigade = apr_brigade_create(p, r->connection->bucket_alloc);
+ tenc = apr_table_get(r->headers_in, "Transfer-Encoding");
+- if (tenc && (strcasecmp(tenc, "chunked") == 0)) {
+- /* The AJP protocol does not want body data yet */
+- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(00870) "request is chunked");
++ if (tenc) {
++ if (strcasecmp(tenc, "chunked") == 0) {
++ /* The AJP protocol does not want body data yet */
++ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(00870)
++ "request is chunked");
++ }
++ else {
++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10396)
++ "%s Transfer-Encoding is not supported",
++ tenc);
++ return HTTP_INTERNAL_SERVER_ERROR;
++ }
+ } else {
+ /* Get client provided Content-Length header */
+ content_length = get_content_length(r); |
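Review bot: The diffstat lists only `debian/patches/CVE-2022-26377.patch` as changed, so unless `debian/patches/series` is updated in a separate commit this fix is never applied at build time; add the line `CVE-2022-26377.patch` to the series file and check that the built `mod_proxy_ajp.c` contains the new `if (tenc)` branch. Inside the patch, the new `else` branch rejects any client-supplied Transfer-Encoding other than `chunked` with `HTTP_INTERNAL_SERVER_ERROR` and logs it at `APLOG_ERR`, so a request refused for its own headers is reported as a server fault and any client can produce error-level log entries. That behaviour comes from the upstream commit named in the `Origin:` header, so rather than diverging locally it is worth noting for operators that `APLOGNO(10396)` entries indicate a rejected T-E/C-L combination and should not be counted as backend failures. The enclosing function begins and ends outside the inner hunk, so how `content_length` is used afterwards is not visible here.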