summaryrefslogtreecommitdiffstats
path: root/debian/patches/CVE-2021-44790.patch
blob: dbba7453a0f6119a4cb3910a777f6a302be8852d (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

Description: Improve error handling
Author: Stefan Eissing <icing@apache.org>
Origin: upstream, https://github.com/apache/httpd/commit/07b9768c
Bug: https://security-tracker.debian.org/tracker/CVE-2021-44790
Forwarded: not-needed
Reviewed-By: Yadd <yadd@debian.org>
Last-Update: 2021-12-21

--- a/modules/lua/lua_request.c
+++ b/modules/lua/lua_request.c
@@ -376,6 +376,7 @@
             if (end == NULL) break;
             key = (char *) apr_pcalloc(r->pool, 256);
             filename = (char *) apr_pcalloc(r->pool, 256);
+            if (end - crlf <= 8) break;
             vlen = end - crlf - 8;
             buffer = (char *) apr_pcalloc(r->pool, vlen+1);
             memcpy(buffer, crlf + 4, vlen);
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-21 13:28:04 +0000