From 0cc775339f319ec96364909b13e63cafa839ab9d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com>
Date: Mon, 10 Jan 2022 18:57:43 +0100
Subject: [PATCH] Resolves: #2035064 - CVE-2021-44790 httpd: mod_lua: possible
 buffer overflow

  when parsing multipart content
---
 httpd-2.4.51-CVE-2021-44790.patch | 10 ++++++++++
 httpd.spec                        | 10 +++++++++-
 2 files changed, 19 insertions(+), 1 deletion(-)
 create mode 100644 httpd-2.4.51-CVE-2021-44790.patch

diff --git a/httpd-2.4.51-CVE-2021-44790.patch b/httpd-2.4.51-CVE-2021-44790.patch
new file mode 100644
index 0000000..ddf4738
--- /dev/null
+++ b/httpd-2.4.51-CVE-2021-44790.patch
@@ -0,0 +1,10 @@
+--- a/modules/lua/lua_request.c	2021/12/16 11:09:40	1896038
++++ b/modules/lua/lua_request.c	2021/12/16 11:15:47	1896039
+@@ -410,6 +410,7 @@
+             if (end == NULL) break;
+             key = (char *) apr_pcalloc(r->pool, 256);
+             filename = (char *) apr_pcalloc(r->pool, 256);
++            if (end - crlf <= 8) break;
+             vlen = end - crlf - 8;
+             buffer = (char *) apr_pcalloc(r->pool, vlen+1);
+             memcpy(buffer, crlf + 4, vlen);
diff --git a/httpd.spec b/httpd.spec
index 8d5b172..0cb20be 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -13,7 +13,7 @@
 Summary: Apache HTTP Server
 Name: httpd
 Version: 2.4.51
-Release: 4%{?dist}
+Release: 5%{?dist}
 URL: https://httpd.apache.org/
 Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
 Source1: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc
@@ -109,6 +109,8 @@ Patch65: httpd-2.4.51-r1877397.patch
 Patch66: httpd-2.4.51-r1892413+.patch
 
 # Security fixes
+# https://bugzilla.redhat.com/show_bug.cgi?id=2034674
+Patch200: httpd-2.4.51-CVE-2021-44790.patch
 
 License: ASL 2.0
 BuildRequires: gcc, autoconf, pkgconfig, findutils, xmlto
@@ -264,6 +266,8 @@ written in the Lua programming language.
 %patch65 -p1 -b .r1877397
 %patch66 -p1 -b .r1892413+
 
+%patch200 -p1 -b .CVE-2021-44790
+
 # Patch in the vendor string
 sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
 sed -i 's/@RELEASE@/%{release}/' server/core.c
@@ -809,6 +813,10 @@ exit $rv
 %{_rpmconfigdir}/macros.d/macros.httpd
 
 %changelog
+* Mon Jan 10 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.51-5
+- Resolves: #2035064 - CVE-2021-44790 httpd: mod_lua: possible buffer overflow
+  when parsing multipart content
+
 * Mon Dec 06 2021 Neal Gompa <ngompa@centosproject.org> - 2.4.51-4
 - Use NAME from os-release(5) for vendor string
   Resolves: #2029071 - httpd on CentOS identifies as RHEL