From 1221c736f9a90756d47ea6d28320b6b83602dd2a Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Tue, 7 May 2024 04:04:07 +0200
Subject: Adding debian version 2.4.38-3+deb10u8.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 debian/patches/CVE-2021-44790.patch | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 debian/patches/CVE-2021-44790.patch

(limited to 'debian/patches/CVE-2021-44790.patch')

diff --git a/debian/patches/CVE-2021-44790.patch b/debian/patches/CVE-2021-44790.patch
new file mode 100644
index 0000000..dbba745
--- /dev/null
+++ b/debian/patches/CVE-2021-44790.patch
@@ -0,0 +1,18 @@
+Description: Improve error handling
+Author: Stefan Eissing <icing@apache.org>
+Origin: upstream, https://github.com/apache/httpd/commit/07b9768c
+Bug: https://security-tracker.debian.org/tracker/CVE-2021-44790
+Forwarded: not-needed
+Reviewed-By: Yadd <yadd@debian.org>
+Last-Update: 2021-12-21
+
+--- a/modules/lua/lua_request.c
++++ b/modules/lua/lua_request.c
+@@ -376,6 +376,7 @@
+             if (end == NULL) break;
+             key = (char *) apr_pcalloc(r->pool, 256);
+             filename = (char *) apr_pcalloc(r->pool, 256);
++            if (end - crlf <= 8) break;
+             vlen = end - crlf - 8;
+             buffer = (char *) apr_pcalloc(r->pool, vlen+1);
+             memcpy(buffer, crlf + 4, vlen);
-- 
cgit v1.2.3