From bddc4ed9e9a65fb901f25626308877a4c423b1b2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20=C5=A0imovec?=
Date: Wed, 29 Mar 2023 13:32:18 +0200
Subject: [PATCH] Patch for cve-2023-27371
---
 cve-2023-27371.patch | 15 +++++++++++++++
 libmicrohttpd.spec | 4 ++--
 2 files changed, 17 insertions(+), 2 deletions(-)
 create mode 100644 cve-2023-27371.patch
diff --git a/cve-2023-27371.patch b/cve-2023-27371.patch
new file mode 100644
index 0000000..fa85125
--- /dev/null
+++ b/cve-2023-27371.patch
@@ -0,0 +1,15 @@
+diff --git a/src/microhttpd/postprocessor.c b/src/microhttpd/postprocessor.c
+index 99074215..c00605c7 100644
+--- a/src/microhttpd/postprocessor.c
++++ b/src/microhttpd/postprocessor.c
+@@ -83,7 +83,7 @@ MHD_create_post_processor (struct MHD_Connection *connection,
+ return NULL; /* failed to determine boundary */
+ boundary += MHD_STATICSTR_LEN_ ("boundary=");
+ blen = strlen (boundary);
+- if ( (blen == 0) ||
++ if ( (blen < 2) ||
+ (blen * 2 + 2 > buffer_size) )
+ return NULL; /* (will be) out of memory or invalid boundary */
+ if ( (boundary[0] == '"') &&
+--
+cgit v1.2.3
diff --git a/libmicrohttpd.spec b/libmicrohttpd.spec
index eaa389b..51b80d0 100644
--- a/libmicrohttpd.spec
+++ b/libmicrohttpd.spec
@@ -7,7 +7,7 @@ License: LGPLv2+
 URL: http://www.gnu.org/software/libmicrohttpd/
 Source0: https://ftp.gnu.org/gnu/libmicrohttpd/%{name}-%{version}.tar.gz
 Patch0: gnutls-utilize-system-crypto-policy.patch
-Patch1: dos.patch
+Patch1: cve-2023-27371.patch
 BuildRequires: autoconf, automake, libtool, gettext-devel
 BuildRequires: texinfo
@@ -109,7 +109,7 @@ fi
 %changelog
 * Tue Mar 28 2023 Pavel Šimovec - 1:0.9.72-5
-- Add dos.patch
+- Add cve-2023-27371.patch
 Related: rhbz#2174640 CVE-2023-27371
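Review bot: The embedded patch in cve-2023-27371.patch records no origin: it starts directly at `diff --git a/src/microhttpd/postprocessor.c` and ends with a `cgit v1.2.3` footer, so the upstream commit it was taken from cannot be checked from the file itself. A short header above the diff, for example `Upstream commit: <upstream-commit-id>` followed by one line on why `blen < 2` replaces `blen == 0`, would let a later rebase confirm the fix is complete. The changed test sits just before the `boundary[0] == '"'` quote check, whose body lies outside the hunk, so it presumably guards the case of a boundary that is a single `"`. A quoted empty boundary (`""`, length 2) still passes this test, so it is worth confirming how the code after the quote check treats a zero-length boundary.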
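Review bot: The `Patch1:` line now points at cve-2023-27371.patch, but the diffstat lists only two files, so this commit does not delete `dos.patch`. If that file was committed earlier it is left in the repository unreferenced and should be dropped in the same change, so the tree holds only the patch that is actually applied. The `%changelog` hunk rewrites the existing 1:0.9.72-5 entry in place; that is fine only if no build of that release has shipped with the old patch name.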