Patch for cve-2023-27371

cve-2023-27371.patch

@@ -0,0 +1,15 @@
+diff --git a/src/microhttpd/postprocessor.c b/src/microhttpd/postprocessor.c
+index 99074215..c00605c7 100644
+--- a/src/microhttpd/postprocessor.c
++++ b/src/microhttpd/postprocessor.c
+@@ -83,7 +83,7 @@ MHD_create_post_processor (struct MHD_Connection *connection,
+       return NULL; /* failed to determine boundary */
+     boundary += MHD_STATICSTR_LEN_ ("boundary=");
+     blen = strlen (boundary);
+-    if ( (blen == 0) ||
++    if ( (blen < 2) ||
+          (blen * 2 + 2 > buffer_size) )
+       return NULL;              /* (will be) out of memory or invalid boundary */
+     if ( (boundary[0] == '"') &&
+-- 
+cgit v1.2.3

libmicrohttpd.spec

@@ -7,7 +7,7 @@ License:        LGPLv2+
 URL:            http://www.gnu.org/software/libmicrohttpd/
 Source0:        https://ftp.gnu.org/gnu/libmicrohttpd/%{name}-%{version}.tar.gz
 Patch0:         gnutls-utilize-system-crypto-policy.patch
-Patch1:         dos.patch
+Patch1:         cve-2023-27371.patch
 
 BuildRequires:  autoconf, automake, libtool, gettext-devel
 BuildRequires:  texinfo
@@ -109,7 +109,7 @@ fi
 
 %changelog
 * Tue Mar 28 2023 Pavel Šimovec <psimovec@redhat.com> - 1:0.9.72-5
-- Add dos.patch
+- Add cve-2023-27371.patch
   Related: rhbz#2174640
   CVE-2023-27371