Petr Gajdos
02a733cd83
- modified patches
% apache2-mod_proxy_uwsgi-fix-crash.patch (refreshed)
- modified sources
% apache2-loadmodule.conf
% apache2-manual.conf
% apache2-script-helpers
% apache2@.service
% sysconfig.apache2
- deleted patches
- deprecated-scripts-arch.patch (not needed)
- httpd-2.0.54-envvars.dif (not needed)
- httpd-2.1.3alpha-layout.dif
(renamed to apache2-system-dirs-layout.patch)
- httpd-2.2.0-apxs-a2enmod.dif (not needed)
- httpd-2.4.9-bnc690734.patch
(renamed to apache2-LimitRequestFieldSize-limits-headers.patch)
- httpd-2.4.x-fate317766-config-control-two-protocol-options.diff
(renamed to apache2-HttpContentLengthHeadZero-HttpExpectStrict.patch)
- httpd-2.x.x-logresolve.patch
(renamed to apache2-logresolve-tmp-security.patch)
- httpd-apachectl.patch
(renamed to apache2-apachectl.patch)
- httpd-implicit-pointer-decl.patch (not needed)
- httpd-visibility.patch (not needed)
- deleted sources
- SUSE-NOTICE (outdated)
- a2enflag (renamed to apache2-a2enflag)
- a2enmod (renamed to apache2-a2enmod)
- apache-22-24-upgrade (outdated)
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=624
52 lines
1.9 KiB
Diff
52 lines
1.9 KiB
Diff
Index: httpd-2.4.46/server/util_script.c
|
|
===================================================================
|
|
--- httpd-2.4.46.orig/server/util_script.c 2020-07-20 07:58:49.000000000 +0200
|
|
+++ httpd-2.4.46/server/util_script.c 2020-11-10 16:10:54.525476516 +0100
|
|
@@ -468,11 +468,20 @@ AP_DECLARE(int) ap_scan_script_header_er
|
|
apr_table_t *cookie_table;
|
|
int trace_log = APLOG_R_MODULE_IS_LEVEL(r, module_index, APLOG_TRACE1);
|
|
int first_header = 1;
|
|
+ int wlen;
|
|
|
|
if (buffer) {
|
|
*buffer = '\0';
|
|
}
|
|
- w = buffer ? buffer : x;
|
|
+
|
|
+ if (r->server->limit_req_fieldsize + 2 > MAX_STRING_LEN) {
|
|
+ w = apr_palloc(r->pool, r->server->limit_req_fieldsize + 2);
|
|
+ wlen = r->server->limit_req_fieldsize + 2;
|
|
+ } else {
|
|
+ w = buffer ? buffer : x;
|
|
+ wlen = MAX_STRING_LEN;
|
|
+ }
|
|
+
|
|
|
|
/* temporary place to hold headers to merge in later */
|
|
merge = apr_table_make(r->pool, 10);
|
|
@@ -488,7 +497,7 @@ AP_DECLARE(int) ap_scan_script_header_er
|
|
|
|
while (1) {
|
|
|
|
- int rv = (*getsfunc) (w, MAX_STRING_LEN - 1, getsfunc_data);
|
|
+ int rv = (*getsfunc) (w, wlen - 1, getsfunc_data);
|
|
if (rv == 0) {
|
|
const char *msg = "Premature end of script headers";
|
|
if (first_header)
|
|
@@ -603,10 +612,13 @@ AP_DECLARE(int) ap_scan_script_header_er
|
|
if (!(l = strchr(w, ':'))) {
|
|
if (!buffer) {
|
|
/* Soak up all the script output - may save an outright kill */
|
|
- while ((*getsfunc)(w, MAX_STRING_LEN - 1, getsfunc_data) > 0) {
|
|
+ while ((*getsfunc) (w, wlen - 1, getsfunc_data)) {
|
|
continue;
|
|
}
|
|
- }
|
|
+ } else if (w != buffer) {
|
|
+ strncpy(buffer, w, MAX_STRING_LEN - 1);
|
|
+ buffer[MAX_STRING_LEN - 1] = 0;
|
|
+ }
|
|
|
|
/* Intentional no APLOGNO */
|
|
ap_log_rerror(SCRIPT_LOG_MARK, APLOG_ERR|APLOG_TOCLIENT, 0, r,
|