Resolves: #2035064 - CVE-2021-44790 httpd: mod_lua: possible buffer overflow

when parsing multipart content
This commit is contained in:
Luboš Uhliarik 2022-01-10 18:57:43 +01:00
parent ec4da30e9b
commit 0cc775339f
2 changed files with 19 additions and 1 deletions

View File

@ -0,0 +1,10 @@
--- a/modules/lua/lua_request.c 2021/12/16 11:09:40 1896038
+++ b/modules/lua/lua_request.c 2021/12/16 11:15:47 1896039
@@ -410,6 +410,7 @@
if (end == NULL) break;
key = (char *) apr_pcalloc(r->pool, 256);
filename = (char *) apr_pcalloc(r->pool, 256);
+ if (end - crlf <= 8) break;
vlen = end - crlf - 8;
buffer = (char *) apr_pcalloc(r->pool, vlen+1);
memcpy(buffer, crlf + 4, vlen);

View File

@ -13,7 +13,7 @@
Summary: Apache HTTP Server
Name: httpd
Version: 2.4.51
Release: 4%{?dist}
Release: 5%{?dist}
URL: https://httpd.apache.org/
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
Source1: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc
@ -109,6 +109,8 @@ Patch65: httpd-2.4.51-r1877397.patch
Patch66: httpd-2.4.51-r1892413+.patch
# Security fixes
# https://bugzilla.redhat.com/show_bug.cgi?id=2034674
Patch200: httpd-2.4.51-CVE-2021-44790.patch
License: ASL 2.0
BuildRequires: gcc, autoconf, pkgconfig, findutils, xmlto
@ -264,6 +266,8 @@ written in the Lua programming language.
%patch65 -p1 -b .r1877397
%patch66 -p1 -b .r1892413+
%patch200 -p1 -b .CVE-2021-44790
# Patch in the vendor string
sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
sed -i 's/@RELEASE@/%{release}/' server/core.c
@ -809,6 +813,10 @@ exit $rv
%{_rpmconfigdir}/macros.d/macros.httpd
%changelog
* Mon Jan 10 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.51-5
- Resolves: #2035064 - CVE-2021-44790 httpd: mod_lua: possible buffer overflow
when parsing multipart content
* Mon Dec 06 2021 Neal Gompa <ngompa@centosproject.org> - 2.4.51-4
- Use NAME from os-release(5) for vendor string
Resolves: #2029071 - httpd on CentOS identifies as RHEL