Blame SOURCES/httpd-2.4.37-CVE-2020-11984.patch
|
 |
ca8514 |
--- a/modules/proxy/mod_proxy_uwsgi.c 2020/07/24 09:31:46 1880250
|
|
|
ca8514 |
+++ b/modules/proxy/mod_proxy_uwsgi.c 2020/07/24 09:35:25 1880251
|
|
|
ca8514 |
@@ -136,7 +136,7 @@
|
|
|
ca8514 |
int j;
|
|
|
ca8514 |
|
|
|
ca8514 |
apr_size_t headerlen = 4;
|
|
|
ca8514 |
- apr_uint16_t pktsize, keylen, vallen;
|
|
|
ca8514 |
+ apr_size_t pktsize, keylen, vallen;
|
|
|
ca8514 |
const char *script_name;
|
|
|
ca8514 |
const char *path_info;
|
|
|
ca8514 |
const char *auth;
|
|
|
ca8514 |
@@ -178,6 +178,15 @@
|
|
|
ca8514 |
headerlen += 2 + strlen(env[j].key) + 2 + strlen(env[j].val);
|
|
|
ca8514 |
}
|
|
|
ca8514 |
|
|
|
ca8514 |
+ pktsize = headerlen - 4;
|
|
|
ca8514 |
+ if (pktsize > APR_UINT16_MAX) {
|
|
|
ca8514 |
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10259)
|
|
|
ca8514 |
+ "can't send headers to %s:%u: packet size too "
|
|
|
ca8514 |
+ "large (%" APR_SIZE_T_FMT ")",
|
|
|
ca8514 |
+ conn->hostname, conn->port, pktsize);
|
|
|
ca8514 |
+ return HTTP_INTERNAL_SERVER_ERROR;
|
|
|
ca8514 |
+ }
|
|
|
ca8514 |
+
|
|
|
ca8514 |
ptr = buf = apr_palloc(r->pool, headerlen);
|
|
|
ca8514 |
|
|
|
ca8514 |
ptr += 4;
|
|
|
ca8514 |
@@ -196,8 +205,6 @@
|
|
|
ca8514 |
ptr += vallen;
|
|
|
ca8514 |
}
|
|
|
ca8514 |
|
|
|
ca8514 |
- pktsize = headerlen - 4;
|
|
|
ca8514 |
-
|
|
|
ca8514 |
buf[0] = 0;
|
|
|
ca8514 |
buf[1] = (apr_byte_t) (pktsize & 0xff);
|
|
|
ca8514 |
buf[2] = (apr_byte_t) ((pktsize >> 8) & 0xff);
|