!69 bugfix CVE-2021-44790

Merge pull request !69 from orange-snn/master
openeuler-ci-bot 2021-12-29 06:10:06 +00:00 committed by Gitee
commit 6036ee34bd
2 changed files with 37 additions and 1 deletions

@ -0,0 +1,29 @@
From 07b9768cef6a224d256358c404c6ed5622d8acce Mon Sep 17 00:00:00 2001
From: Stefan Eissing <icing@apache.org>
Date: Thu, 16 Dec 2021 11:15:47 +0000
Subject: [PATCH] Merge r1895970 from trunk:
*) mod_lua: Improve error handling
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1896039 13f79535-47bb-0310-9956-ffa450edef68
---
modules/lua/lua_request.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/modules/lua/lua_request.c b/modules/lua/lua_request.c
index 67ff432..493b2bb 100644
--- a/modules/lua/lua_request.c
+++ b/modules/lua/lua_request.c
@@ -410,6 +410,7 @@ static int req_parsebody(lua_State *L)
if (end == NULL) break;
key = (char *) apr_pcalloc(r->pool, 256);
filename = (char *) apr_pcalloc(r->pool, 256);
+ if (end - crlf <= 8) break;
vlen = end - crlf - 8;
buffer = (char *) apr_pcalloc(r->pool, vlen+1);
memcpy(buffer, crlf + 4, vlen);
--
1.8.3.1
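Review bot: The new guard `if (end - crlf <= 8) break;` in req_parsebody sits after the two 256-byte apr_pcalloc calls for key and filename, so a too-short span still allocates from r->pool before the loop exits; placing the check directly after `if (end == NULL) break;` would avoid that. The constant 8 is also unexplained both here and in `vlen = end - crlf - 8;`. A short comment stating which bytes it accounts for (the memcpy starts at `crlf + 4`) would make the bound easier to audit.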

@ -8,7 +8,7 @@
Name: httpd Name: httpd
Summary: Apache HTTP Server Summary: Apache HTTP Server
Version: 2.4.48 Version: 2.4.48
Release: 4 Release: 5
License: ASL 2.0 License: ASL 2.0
URL: https://httpd.apache.org/ URL: https://httpd.apache.org/
Source0: https://archive.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source0: https://archive.apache.org/dist/httpd/httpd-%{version}.tar.bz2
@ -79,6 +79,7 @@ Patch26: backport-001-CVE-2021-39275.patch
Patch27: backport-002-CVE-2021-39275.patch Patch27: backport-002-CVE-2021-39275.patch
Patch28: backport-fix-int-overflow-in-ap_timeout_parameter_parse.patch Patch28: backport-fix-int-overflow-in-ap_timeout_parameter_parse.patch
Patch29: backport-Improve-fix-to-please-a-fuzzer-which-reports-overflow.patch Patch29: backport-Improve-fix-to-please-a-fuzzer-which-reports-overflow.patch
Patch30: backport-CVE-2021-44790.patch
BuildRequires: gcc autoconf pkgconfig findutils xmlto perl-interpreter perl-generators systemd-devel BuildRequires: gcc autoconf pkgconfig findutils xmlto perl-interpreter perl-generators systemd-devel
BuildRequires: zlib-devel libselinux-devel lua-devel brotli-devel BuildRequires: zlib-devel libselinux-devel lua-devel brotli-devel
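Review bot: Only the `Patch30:` declaration is added in this hunk, and no matching `%patch30` line appears anywhere in the diff, so the fix is compiled in only if %prep applies all declared patches automatically (for example through %autosetup). Please confirm that is the case for this spec, since a declared but unapplied patch would ship 2.4.48-5 without the fix.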
@ -511,6 +512,12 @@ exit $rv
%{_rpmconfigdir}/macros.d/macros.httpd %{_rpmconfigdir}/macros.d/macros.httpd
%changelog %changelog
* Wed Dec 29 2021 orange-snn <songnannan2@huawei.com> - 2.4.48-5
- Type:cves
- ID:NA
- SUG:restart
- DESC:fix CVE-2021-44224
* Fri Nov 05 2021 gaihuiying <gaihuiying1@huawei.com> - 2.4.48-4 * Fri Nov 05 2021 gaihuiying <gaihuiying1@huawei.com> - 2.4.48-4
- Type:bugfix - Type:bugfix
- ID:NA - ID:NA
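Review bot: The new changelog entry reads `- DESC:fix CVE-2021-44224`, but the patch added by this commit is backport-CVE-2021-44790.patch and the pull request title names CVE-2021-44790. The DESC line should say CVE-2021-44790, otherwise anyone auditing the package from its changelog will record the wrong CVE as fixed in 2.4.48-5 and miss the one that actually is.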