apache2/apache2-LimitRequestFieldSize-limits-headers.patch

Index: httpd-2.4.46/server/util_script.c
===================================================================
--- httpd-2.4.46.orig/server/util_script.c	2020-07-20 07:58:49.000000000 +0200
+++ httpd-2.4.46/server/util_script.c	2020-11-10 16:10:54.525476516 +0100
@@ -468,11 +468,20 @@ AP_DECLARE(int) ap_scan_script_header_er
     apr_table_t *cookie_table;
     int trace_log = APLOG_R_MODULE_IS_LEVEL(r, module_index, APLOG_TRACE1);
     int first_header = 1;
+    int wlen;
 
     if (buffer) {
         *buffer = '\0';
     }
-    w = buffer ? buffer : x;
+
+    if (r->server->limit_req_fieldsize + 2 > MAX_STRING_LEN) {
+        w = apr_palloc(r->pool, r->server->limit_req_fieldsize + 2);
+        wlen = r->server->limit_req_fieldsize + 2;
+    } else {
+        w = buffer ? buffer : x;
+        wlen = MAX_STRING_LEN;
+    }
+
 
     /* temporary place to hold headers to merge in later */
     merge = apr_table_make(r->pool, 10);
@@ -488,7 +497,7 @@ AP_DECLARE(int) ap_scan_script_header_er
 
     while (1) {
 
-        int rv = (*getsfunc) (w, MAX_STRING_LEN - 1, getsfunc_data);
+        int rv = (*getsfunc) (w, wlen - 1, getsfunc_data);
         if (rv == 0) {
             const char *msg = "Premature end of script headers";
             if (first_header)
@@ -603,10 +612,13 @@ AP_DECLARE(int) ap_scan_script_header_er
         if (!(l = strchr(w, ':'))) {
             if (!buffer) {
                 /* Soak up all the script output - may save an outright kill */
-                while ((*getsfunc)(w, MAX_STRING_LEN - 1, getsfunc_data) > 0) {
+                while ((*getsfunc) (w, wlen - 1, getsfunc_data)) {
                     continue;
                 }
-            }
+            } else if (w != buffer) {
+		strncpy(buffer, w, MAX_STRING_LEN - 1);
+		buffer[MAX_STRING_LEN - 1] = 0;
+	    }
 
             /* Intentional no APLOGNO */
             ap_log_rerror(SCRIPT_LOG_MARK, APLOG_ERR|APLOG_TOCLIENT, 0, r,