From 0cc775339f319ec96364909b13e63cafa839ab9d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?=
Date: Mon, 10 Jan 2022 18:57:43 +0100
Subject: [PATCH] Resolves: #2035064 - CVE-2021-44790 httpd: mod_lua: possible buffer overflow when parsing multipart content
---
 httpd-2.4.51-CVE-2021-44790.patch | 10 ++++++++++
 httpd.spec | 10 +++++++++-
 2 files changed, 19 insertions(+), 1 deletion(-)
 create mode 100644 httpd-2.4.51-CVE-2021-44790.patch
diff --git a/httpd-2.4.51-CVE-2021-44790.patch b/httpd-2.4.51-CVE-2021-44790.patch
new file mode 100644
index 0000000..ddf4738
--- /dev/null
+++ b/httpd-2.4.51-CVE-2021-44790.patch
@@ -0,0 +1,10 @@
+--- a/modules/lua/lua_request.c 2021/12/16 11:09:40 1896038
++++ b/modules/lua/lua_request.c 2021/12/16 11:15:47 1896039
+@@ -410,6 +410,7 @@
+ if (end == NULL) break;
+ key = (char *) apr_pcalloc(r->pool, 256);
+ filename = (char *) apr_pcalloc(r->pool, 256);
++ if (end - crlf <= 8) break;
+ vlen = end - crlf - 8;
+ buffer = (char *) apr_pcalloc(r->pool, vlen+1);
+ memcpy(buffer, crlf + 4, vlen);
diff --git a/httpd.spec b/httpd.spec
index 8d5b172..0cb20be 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -13,7 +13,7 @@ Summary: Apache HTTP Server
 Name: httpd
 Version: 2.4.51
-Release: 4%{?dist}
+Release: 5%{?dist}
 URL: https://httpd.apache.org/
 Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
 Source1: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc
@@ -109,6 +109,8 @@ Patch65: httpd-2.4.51-r1877397.patch
 Patch66: httpd-2.4.51-r1892413+.patch
 # Security fixes
+# https://bugzilla.redhat.com/show_bug.cgi?id=2034674
+Patch200: httpd-2.4.51-CVE-2021-44790.patch
 License: ASL 2.0
 BuildRequires: gcc, autoconf, pkgconfig, findutils, xmlto
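Review bot: The added guard `if (end - crlf <= 8) break;` in the embedded lua_request.c hunk also fires when `end - crlf` is exactly 8, the case where `vlen` would come out as 0, so a part with an empty value ends the loop instead of being stored as an empty string. If `vlen` is an unsigned type (its declaration is outside the hunk), `if (end - crlf < 8) break;` would already keep the subtraction from wrapping before it reaches `apr_pcalloc` and `memcpy`; confirm against the upstream revision named in the patch header (1896039) whether dropping the zero-length case is intended before diverging from it. The `break` is also silent, so a multipart body that trips the check leaves nothing in the error log; a debug-level log call just before it would help when triaging requests that hit this path. The enclosing function and loop begin and end outside the hunk, so how the caller treats the early exit cannot be judged from here.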
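Review bot: The comment added above `Patch200` cites bug 2034674, while the commit subject and the new %changelog entry resolve #2035064, and nothing in the spec says how the two ids relate or which upstream change the patch carries. A fuller comment would save the next maintainer a lookup, for example `# CVE-2021-44790, upstream revision 1896039 - https://bugzilla.redhat.com/show_bug.cgi?id=2034674`. Presumably one id is the CVE tracker and the other the per-release bug; confirm that before wording the comment that way.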
@@ -264,6 +266,8 @@ written in the Lua programming language.
 %patch65 -p1 -b .r1877397
 %patch66 -p1 -b .r1892413+
+%patch200 -p1 -b .CVE-2021-44790
+
 # Patch in the vendor string
 sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
 sed -i 's/@RELEASE@/%{release}/' server/core.c
@@ -809,6 +813,10 @@ exit $rv
 %{_rpmconfigdir}/macros.d/macros.httpd
 %changelog
+* Mon Jan 10 2022 Luboš Uhliarik - 2.4.51-5
+- Resolves: #2035064 - CVE-2021-44790 httpd: mod_lua: possible buffer overflow
+ when parsing multipart content
+
 * Mon Dec 06 2021 Neal Gompa - 2.4.51-4
 - Use NAME from os-release(5) for vendor string
 Resolves: #2029071 - httpd on CentOS identifies as RHEL