apache2/httpd-2.4.9-bnc690734.patch

Index: server/util_script.c
===================================================================
--- server/util_script.c.orig	2015-06-25 09:15:54.539638460 +0200
+++ server/util_script.c	2015-06-25 09:20:48.554424220 +0200
@@ -422,11 +422,20 @@
     apr_table_t *cookie_table;
     int trace_log = APLOG_R_MODULE_IS_LEVEL(r, module_index, APLOG_TRACE1);
     int first_header = 1;
+    int wlen;
 
     if (buffer) {
         *buffer = '\0';
     }
-    w = buffer ? buffer : x;
+
+    if (r->server->limit_req_fieldsize + 2 > MAX_STRING_LEN) {
+        w = apr_palloc(r->pool, r->server->limit_req_fieldsize + 2);
+        wlen = r->server->limit_req_fieldsize + 2;
+    } else {
+        w = buffer ? buffer : x;
+        wlen = MAX_STRING_LEN;
+    }
+
 
     /* temporary place to hold headers to merge in later */
     merge = apr_table_make(r->pool, 10);
@@ -442,7 +451,7 @@
 
     while (1) {
 
-        int rv = (*getsfunc) (w, MAX_STRING_LEN - 1, getsfunc_data);
+        int rv = (*getsfunc) (w, wlen - 1, getsfunc_data);
         if (rv == 0) {
             const char *msg = "Premature end of script headers";
             if (first_header)
@@ -555,10 +564,13 @@
         if (!(l = strchr(w, ':'))) {
             if (!buffer) {
                 /* Soak up all the script output - may save an outright kill */
-                while ((*getsfunc)(w, MAX_STRING_LEN - 1, getsfunc_data) > 0) {
+                while ((*getsfunc) (w, wlen - 1, getsfunc_data)) {
                     continue;
                 }
-            }
+            } else if (w != buffer) {
+		strncpy(buffer, w, MAX_STRING_LEN - 1);
+		buffer[MAX_STRING_LEN - 1] = 0;
+	    }
 
             ap_log_rerror(SCRIPT_LOG_MARK, APLOG_ERR|APLOG_TOCLIENT, 0, r,
                           "malformed header from script '%s': Bad header: %.30s",
Accepting request 316550 from home:pgajdos - access_compat shared also for 11sp3 - apache2-implicit-pointer-decl.patch renamed to httpd-implicit-pointer-decl.patch to align with other patches names - apachectl is now wrapper to start_apache2; therefore, it honors HTTPD_INSTANCE variable, see README-instances.txt for details + httpd-apachectl.patch - httpd-2.4.10-apachectl.patch - a2enmod/a2dismod and a2enflag/a2disflag now respect HTTPD_INSTANCE=<instance_name> environment variable, which can be used to specify apache instance name; sysconfig file is expected at /etc/sysconfig/apache2@<instance_name> (see README-instances.txt for details) - provides suse_maintenance_mmn symbol [bnc#915666] (internal) - credits to Roman Drahtmueller: * add reference to /etc/permissions.local to output of %post if setting the permissions of suexec2 fails * do not enable mod_php5 by default any longer * httpd-2.0.49-log_server_status.dif obsoleted * apache2-mod_ssl_npn.patch removed because not used * include mod_reqtimeout.conf in httpd.conf * added cgid-timeout.conf, include it in httpd.conf - fix default value APACHE_MODULES in sysconfig file - %service_* macros for apache2@.service OBS-URL: https://build.opensuse.org/request/show/316550 OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=453 2015-07-14 09:04:22 +00:00			`Index: server/util_script.c`
			`===================================================================`
			`--- server/util_script.c.orig 2015-06-25 09:15:54.539638460 +0200`
			`+++ server/util_script.c 2015-06-25 09:20:48.554424220 +0200`
			`@@ -422,11 +422,20 @@`
			`apr_table_t *cookie_table;`
			`int trace_log = APLOG_R_MODULE_IS_LEVEL(r, module_index, APLOG_TRACE1);`
			`int first_header = 1;`
Accepting request 110180 from home:adrianSuSE:branches:Apache patch seems to be lost, we require it on our OBS installations OBS-URL: https://build.opensuse.org/request/show/110180 OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=361 2012-03-20 18:13:21 +00:00			`+ int wlen;`
Accepting request 316550 from home:pgajdos - access_compat shared also for 11sp3 - apache2-implicit-pointer-decl.patch renamed to httpd-implicit-pointer-decl.patch to align with other patches names - apachectl is now wrapper to start_apache2; therefore, it honors HTTPD_INSTANCE variable, see README-instances.txt for details + httpd-apachectl.patch - httpd-2.4.10-apachectl.patch - a2enmod/a2dismod and a2enflag/a2disflag now respect HTTPD_INSTANCE=<instance_name> environment variable, which can be used to specify apache instance name; sysconfig file is expected at /etc/sysconfig/apache2@<instance_name> (see README-instances.txt for details) - provides suse_maintenance_mmn symbol [bnc#915666] (internal) - credits to Roman Drahtmueller: * add reference to /etc/permissions.local to output of %post if setting the permissions of suexec2 fails * do not enable mod_php5 by default any longer * httpd-2.0.49-log_server_status.dif obsoleted * apache2-mod_ssl_npn.patch removed because not used * include mod_reqtimeout.conf in httpd.conf * added cgid-timeout.conf, include it in httpd.conf - fix default value APACHE_MODULES in sysconfig file - %service_* macros for apache2@.service OBS-URL: https://build.opensuse.org/request/show/316550 OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=453 2015-07-14 09:04:22 +00:00
Accepting request 110180 from home:adrianSuSE:branches:Apache patch seems to be lost, we require it on our OBS installations OBS-URL: https://build.opensuse.org/request/show/110180 OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=361 2012-03-20 18:13:21 +00:00			`if (buffer) {`
			`*buffer = '\0';`
			`}`
			`- w = buffer ? buffer : x;`
			`+`
			`+ if (r->server->limit_req_fieldsize + 2 > MAX_STRING_LEN) {`
			`+ w = apr_palloc(r->pool, r->server->limit_req_fieldsize + 2);`
			`+ wlen = r->server->limit_req_fieldsize + 2;`
			`+ } else {`
			`+ w = buffer ? buffer : x;`
			`+ wlen = MAX_STRING_LEN;`
			`+ }`
Accepting request 316550 from home:pgajdos - access_compat shared also for 11sp3 - apache2-implicit-pointer-decl.patch renamed to httpd-implicit-pointer-decl.patch to align with other patches names - apachectl is now wrapper to start_apache2; therefore, it honors HTTPD_INSTANCE variable, see README-instances.txt for details + httpd-apachectl.patch - httpd-2.4.10-apachectl.patch - a2enmod/a2dismod and a2enflag/a2disflag now respect HTTPD_INSTANCE=<instance_name> environment variable, which can be used to specify apache instance name; sysconfig file is expected at /etc/sysconfig/apache2@<instance_name> (see README-instances.txt for details) - provides suse_maintenance_mmn symbol [bnc#915666] (internal) - credits to Roman Drahtmueller: * add reference to /etc/permissions.local to output of %post if setting the permissions of suexec2 fails * do not enable mod_php5 by default any longer * httpd-2.0.49-log_server_status.dif obsoleted * apache2-mod_ssl_npn.patch removed because not used * include mod_reqtimeout.conf in httpd.conf * added cgid-timeout.conf, include it in httpd.conf - fix default value APACHE_MODULES in sysconfig file - %service_* macros for apache2@.service OBS-URL: https://build.opensuse.org/request/show/316550 OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=453 2015-07-14 09:04:22 +00:00			`+`
Accepting request 110180 from home:adrianSuSE:branches:Apache patch seems to be lost, we require it on our OBS installations OBS-URL: https://build.opensuse.org/request/show/110180 OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=361 2012-03-20 18:13:21 +00:00
			`/* temporary place to hold headers to merge in later */`
			`merge = apr_table_make(r->pool, 10);`
Accepting request 316550 from home:pgajdos - access_compat shared also for 11sp3 - apache2-implicit-pointer-decl.patch renamed to httpd-implicit-pointer-decl.patch to align with other patches names - apachectl is now wrapper to start_apache2; therefore, it honors HTTPD_INSTANCE variable, see README-instances.txt for details + httpd-apachectl.patch - httpd-2.4.10-apachectl.patch - a2enmod/a2dismod and a2enflag/a2disflag now respect HTTPD_INSTANCE=<instance_name> environment variable, which can be used to specify apache instance name; sysconfig file is expected at /etc/sysconfig/apache2@<instance_name> (see README-instances.txt for details) - provides suse_maintenance_mmn symbol [bnc#915666] (internal) - credits to Roman Drahtmueller: * add reference to /etc/permissions.local to output of %post if setting the permissions of suexec2 fails * do not enable mod_php5 by default any longer * httpd-2.0.49-log_server_status.dif obsoleted * apache2-mod_ssl_npn.patch removed because not used * include mod_reqtimeout.conf in httpd.conf * added cgid-timeout.conf, include it in httpd.conf - fix default value APACHE_MODULES in sysconfig file - %service_* macros for apache2@.service OBS-URL: https://build.opensuse.org/request/show/316550 OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=453 2015-07-14 09:04:22 +00:00			`@@ -442,7 +451,7 @@`
Accepting request 110180 from home:adrianSuSE:branches:Apache patch seems to be lost, we require it on our OBS installations OBS-URL: https://build.opensuse.org/request/show/110180 OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=361 2012-03-20 18:13:21 +00:00
			`while (1) {`

			`- int rv = (*getsfunc) (w, MAX_STRING_LEN - 1, getsfunc_data);`
			`+ int rv = (*getsfunc) (w, wlen - 1, getsfunc_data);`
			`if (rv == 0) {`
Accepting request 129508 from home:elvigia:branches:Apache - Upgrade to apache 2.4.2 ** ATTENTION, before installing this update YOU MUST READ http://httpd.apache.org/docs/2.4/upgrading.html CAREFULLY otherwise your server will most likely fail to start due to backward incompatible changes. * You can read the huge complete list of changes at http://httpd.apache.org/docs/2.4/new_features_2_4.html OBS-URL: https://build.opensuse.org/request/show/129508 OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=370 2012-08-01 01:54:19 +00:00			`const char *msg = "Premature end of script headers";`
			`if (first_header)`
Accepting request 316550 from home:pgajdos - access_compat shared also for 11sp3 - apache2-implicit-pointer-decl.patch renamed to httpd-implicit-pointer-decl.patch to align with other patches names - apachectl is now wrapper to start_apache2; therefore, it honors HTTPD_INSTANCE variable, see README-instances.txt for details + httpd-apachectl.patch - httpd-2.4.10-apachectl.patch - a2enmod/a2dismod and a2enflag/a2disflag now respect HTTPD_INSTANCE=<instance_name> environment variable, which can be used to specify apache instance name; sysconfig file is expected at /etc/sysconfig/apache2@<instance_name> (see README-instances.txt for details) - provides suse_maintenance_mmn symbol [bnc#915666] (internal) - credits to Roman Drahtmueller: * add reference to /etc/permissions.local to output of %post if setting the permissions of suexec2 fails * do not enable mod_php5 by default any longer * httpd-2.0.49-log_server_status.dif obsoleted * apache2-mod_ssl_npn.patch removed because not used * include mod_reqtimeout.conf in httpd.conf * added cgid-timeout.conf, include it in httpd.conf - fix default value APACHE_MODULES in sysconfig file - %service_* macros for apache2@.service OBS-URL: https://build.opensuse.org/request/show/316550 OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=453 2015-07-14 09:04:22 +00:00			`@@ -555,10 +564,13 @@`
Accepting request 129508 from home:elvigia:branches:Apache - Upgrade to apache 2.4.2 ** ATTENTION, before installing this update YOU MUST READ http://httpd.apache.org/docs/2.4/upgrading.html CAREFULLY otherwise your server will most likely fail to start due to backward incompatible changes. * You can read the huge complete list of changes at http://httpd.apache.org/docs/2.4/new_features_2_4.html OBS-URL: https://build.opensuse.org/request/show/129508 OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=370 2012-08-01 01:54:19 +00:00			`if (!(l = strchr(w, ':'))) {`
Accepting request 110180 from home:adrianSuSE:branches:Apache patch seems to be lost, we require it on our OBS installations OBS-URL: https://build.opensuse.org/request/show/110180 OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=361 2012-03-20 18:13:21 +00:00			`if (!buffer) {`
			`/* Soak up all the script output - may save an outright kill */`
Accepting request 316550 from home:pgajdos - access_compat shared also for 11sp3 - apache2-implicit-pointer-decl.patch renamed to httpd-implicit-pointer-decl.patch to align with other patches names - apachectl is now wrapper to start_apache2; therefore, it honors HTTPD_INSTANCE variable, see README-instances.txt for details + httpd-apachectl.patch - httpd-2.4.10-apachectl.patch - a2enmod/a2dismod and a2enflag/a2disflag now respect HTTPD_INSTANCE=<instance_name> environment variable, which can be used to specify apache instance name; sysconfig file is expected at /etc/sysconfig/apache2@<instance_name> (see README-instances.txt for details) - provides suse_maintenance_mmn symbol [bnc#915666] (internal) - credits to Roman Drahtmueller: * add reference to /etc/permissions.local to output of %post if setting the permissions of suexec2 fails * do not enable mod_php5 by default any longer * httpd-2.0.49-log_server_status.dif obsoleted * apache2-mod_ssl_npn.patch removed because not used * include mod_reqtimeout.conf in httpd.conf * added cgid-timeout.conf, include it in httpd.conf - fix default value APACHE_MODULES in sysconfig file - %service_* macros for apache2@.service OBS-URL: https://build.opensuse.org/request/show/316550 OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=453 2015-07-14 09:04:22 +00:00			`- while ((*getsfunc)(w, MAX_STRING_LEN - 1, getsfunc_data) > 0) {`
Accepting request 110180 from home:adrianSuSE:branches:Apache patch seems to be lost, we require it on our OBS installations OBS-URL: https://build.opensuse.org/request/show/110180 OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=361 2012-03-20 18:13:21 +00:00			`+ while ((*getsfunc) (w, wlen - 1, getsfunc_data)) {`
			`continue;`
			`}`
Accepting request 316550 from home:pgajdos - access_compat shared also for 11sp3 - apache2-implicit-pointer-decl.patch renamed to httpd-implicit-pointer-decl.patch to align with other patches names - apachectl is now wrapper to start_apache2; therefore, it honors HTTPD_INSTANCE variable, see README-instances.txt for details + httpd-apachectl.patch - httpd-2.4.10-apachectl.patch - a2enmod/a2dismod and a2enflag/a2disflag now respect HTTPD_INSTANCE=<instance_name> environment variable, which can be used to specify apache instance name; sysconfig file is expected at /etc/sysconfig/apache2@<instance_name> (see README-instances.txt for details) - provides suse_maintenance_mmn symbol [bnc#915666] (internal) - credits to Roman Drahtmueller: * add reference to /etc/permissions.local to output of %post if setting the permissions of suexec2 fails * do not enable mod_php5 by default any longer * httpd-2.0.49-log_server_status.dif obsoleted * apache2-mod_ssl_npn.patch removed because not used * include mod_reqtimeout.conf in httpd.conf * added cgid-timeout.conf, include it in httpd.conf - fix default value APACHE_MODULES in sysconfig file - %service_* macros for apache2@.service OBS-URL: https://build.opensuse.org/request/show/316550 OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=453 2015-07-14 09:04:22 +00:00			`- }`
			`+ } else if (w != buffer) {`
Accepting request 110180 from home:adrianSuSE:branches:Apache patch seems to be lost, we require it on our OBS installations OBS-URL: https://build.opensuse.org/request/show/110180 OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=361 2012-03-20 18:13:21 +00:00			`+ strncpy(buffer, w, MAX_STRING_LEN - 1);`
			`+ buffer[MAX_STRING_LEN - 1] = 0;`
Accepting request 316550 from home:pgajdos - access_compat shared also for 11sp3 - apache2-implicit-pointer-decl.patch renamed to httpd-implicit-pointer-decl.patch to align with other patches names - apachectl is now wrapper to start_apache2; therefore, it honors HTTPD_INSTANCE variable, see README-instances.txt for details + httpd-apachectl.patch - httpd-2.4.10-apachectl.patch - a2enmod/a2dismod and a2enflag/a2disflag now respect HTTPD_INSTANCE=<instance_name> environment variable, which can be used to specify apache instance name; sysconfig file is expected at /etc/sysconfig/apache2@<instance_name> (see README-instances.txt for details) - provides suse_maintenance_mmn symbol [bnc#915666] (internal) - credits to Roman Drahtmueller: * add reference to /etc/permissions.local to output of %post if setting the permissions of suexec2 fails * do not enable mod_php5 by default any longer * httpd-2.0.49-log_server_status.dif obsoleted * apache2-mod_ssl_npn.patch removed because not used * include mod_reqtimeout.conf in httpd.conf * added cgid-timeout.conf, include it in httpd.conf - fix default value APACHE_MODULES in sysconfig file - %service_* macros for apache2@.service OBS-URL: https://build.opensuse.org/request/show/316550 OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=453 2015-07-14 09:04:22 +00:00			`+ }`
Accepting request 110180 from home:adrianSuSE:branches:Apache patch seems to be lost, we require it on our OBS installations OBS-URL: https://build.opensuse.org/request/show/110180 OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=361 2012-03-20 18:13:21 +00:00
Accepting request 129508 from home:elvigia:branches:Apache - Upgrade to apache 2.4.2 ** ATTENTION, before installing this update YOU MUST READ http://httpd.apache.org/docs/2.4/upgrading.html CAREFULLY otherwise your server will most likely fail to start due to backward incompatible changes. * You can read the huge complete list of changes at http://httpd.apache.org/docs/2.4/new_features_2_4.html OBS-URL: https://build.opensuse.org/request/show/129508 OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=370 2012-08-01 01:54:19 +00:00			`ap_log_rerror(SCRIPT_LOG_MARK, APLOG_ERR\|APLOG_TOCLIENT, 0, r,`
Accepting request 316550 from home:pgajdos - access_compat shared also for 11sp3 - apache2-implicit-pointer-decl.patch renamed to httpd-implicit-pointer-decl.patch to align with other patches names - apachectl is now wrapper to start_apache2; therefore, it honors HTTPD_INSTANCE variable, see README-instances.txt for details + httpd-apachectl.patch - httpd-2.4.10-apachectl.patch - a2enmod/a2dismod and a2enflag/a2disflag now respect HTTPD_INSTANCE=<instance_name> environment variable, which can be used to specify apache instance name; sysconfig file is expected at /etc/sysconfig/apache2@<instance_name> (see README-instances.txt for details) - provides suse_maintenance_mmn symbol [bnc#915666] (internal) - credits to Roman Drahtmueller: * add reference to /etc/permissions.local to output of %post if setting the permissions of suexec2 fails * do not enable mod_php5 by default any longer * httpd-2.0.49-log_server_status.dif obsoleted * apache2-mod_ssl_npn.patch removed because not used * include mod_reqtimeout.conf in httpd.conf * added cgid-timeout.conf, include it in httpd.conf - fix default value APACHE_MODULES in sysconfig file - %service_* macros for apache2@.service OBS-URL: https://build.opensuse.org/request/show/316550 OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=453 2015-07-14 09:04:22 +00:00			`"malformed header from script '%s': Bad header: %.30s",`