packages/httpd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

allocate a heap buffer if the configured size is greater than the stack-allocated buffer

Browse Source
This commit is contained in:
zhangyaqi 2024-05-22 16:22:56 +08:00
parent bb02d25be8
commit c88453fff4
2 changed files with 41 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
backport-only-allocate-a-heap-heap-buffer.patch Normal file
View File

@ -0,0 +1,33 @@
From aa86530aec72e5de24227dbe2054cd713fb3d3f5 Mon Sep 17 00:00:00 2001
From: Joe Orton <jorton@apache.org>
Date: Wed, 8 May 2024 12:44:52 +0000
Subject: [PATCH] * modules/proxy/mod_proxy_fcgi.c (dispatch): Only allocate a
heap buffer if the configured size is greater than the stack-allocated
buffer.
Reference: https://github.com/apache/httpd/commit/aa86530aec72e5de24227dbe2054cd713fb3d3f5
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1917576 13f79535-47bb-0310-9956-ffa450edef68
---
modules/proxy/mod_proxy_fcgi.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/modules/proxy/mod_proxy_fcgi.c b/modules/proxy/mod_proxy_fcgi.c
index 831bd15..ee7d24f 100644
--- a/modules/proxy/mod_proxy_fcgi.c
+++ b/modules/proxy/mod_proxy_fcgi.c
@@ -569,7 +569,11 @@ static apr_status_t dispatch(proxy_conn_rec *conn, proxy_dir_conf *conf,
*err = NULL;
if (conn->worker->s->io_buffer_size_set) {
iobuf_size = conn->worker->s->io_buffer_size;
- iobuf = apr_palloc(r->pool, iobuf_size);
+ /* Allocate a buffer if the configured size is larger than the
+ * stack buffer, otherwise use the stack buffer. */
+ if (iobuf_size > AP_IOBUFSIZE) {
+ iobuf = apr_palloc(r->pool, iobuf_size);
+ }
}
pfd.desc_type = APR_POLL_SOCKET;
--
2.27.0

9
httpd.spec
View File

@ -8,7 +8,7 @@
Name: httpd Name: httpd
Summary: Apache HTTP Server Summary: Apache HTTP Server
Version: 2.4.58 Version: 2.4.58
Release: 2 Release: 3
License: ASL 2.0 License: ASL 2.0
URL: https://httpd.apache.org/ URL: https://httpd.apache.org/
Source0: https://archive.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source0: https://archive.apache.org/dist/httpd/httpd-%{version}.tar.bz2
@ -76,6 +76,7 @@ Patch22: backport-CVE-2024-24795-let-httpd-handle-CL-TE-for-non-http-ha
Patch23: backport-CVE-2023-38709-header-validation-after-content.patch Patch23: backport-CVE-2023-38709-header-validation-after-content.patch
Patch24: backport-CVE-2024-27316-bail-after-too-many-failed-reads.patch Patch24: backport-CVE-2024-27316-bail-after-too-many-failed-reads.patch
Patch25: backport-remove-dependency-on-xmlstring-header.patch Patch25: backport-remove-dependency-on-xmlstring-header.patch
Patch26: backport-only-allocate-a-heap-heap-buffer.patch
BuildRequires: gcc autoconf pkgconfig findutils xmlto perl-interpreter perl-generators systemd-devel BuildRequires: gcc autoconf pkgconfig findutils xmlto perl-interpreter perl-generators systemd-devel
BuildRequires: zlib-devel libselinux-devel lua-devel brotli-devel BuildRequires: zlib-devel libselinux-devel lua-devel brotli-devel
@ -512,6 +513,12 @@ exit $rv
%{_rpmconfigdir}/macros.d/macros.httpd %{_rpmconfigdir}/macros.d/macros.httpd
%changelog %changelog
* Wed May 22 2024 zhangyaqi <zhagnyaqi@kylinos.cn> - 2.4.58-3
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:allocate a heap buffer if the configured size is greater than the stack-allocated buffer.
* Mon May 06 2024 chengyechun <chengyechun1@huaiwe.com> - 2.4.58-2 * Mon May 06 2024 chengyechun <chengyechun1@huaiwe.com> - 2.4.58-2
- Type:CVE - Type:CVE
- ID:CVE-2024-24795,CVE-2023-38709,CVE-2024-27316 - ID:CVE-2024-24795,CVE-2023-38709,CVE-2024-27316