Blame SOURCES/httpd-2.4.37-CVE-2022-28614.patch
|
|
8d2dcd |
diff --git a/include/http_protocol.h b/include/http_protocol.h
|
|
|
8d2dcd |
index e1572dc..8ed77ac 100644
|
|
|
8d2dcd |
--- a/include/http_protocol.h
|
|
|
8d2dcd |
+++ b/include/http_protocol.h
|
|
|
8d2dcd |
@@ -439,7 +439,27 @@ AP_DECLARE(int) ap_rwrite(const void *buf, int nbyte, request_rec *r);
|
|
|
8d2dcd |
*/
|
|
|
8d2dcd |
static APR_INLINE int ap_rputs(const char *str, request_rec *r)
|
|
|
8d2dcd |
{
|
|
|
8d2dcd |
- return ap_rwrite(str, (int)strlen(str), r);
|
|
|
8d2dcd |
+ apr_size_t len;
|
|
|
8d2dcd |
+
|
|
|
8d2dcd |
+ len = strlen(str);
|
|
|
8d2dcd |
+
|
|
|
8d2dcd |
+ for (;;) {
|
|
|
8d2dcd |
+ if (len <= INT_MAX) {
|
|
|
8d2dcd |
+ return ap_rwrite(str, (int)len, r);
|
|
|
8d2dcd |
+ }
|
|
|
8d2dcd |
+ else {
|
|
|
8d2dcd |
+ int rc;
|
|
|
8d2dcd |
+
|
|
|
8d2dcd |
+ rc = ap_rwrite(str, INT_MAX, r);
|
|
|
8d2dcd |
+ if (rc < 0) {
|
|
|
8d2dcd |
+ return rc;
|
|
|
8d2dcd |
+ }
|
|
|
8d2dcd |
+ else {
|
|
|
8d2dcd |
+ str += INT_MAX;
|
|
|
8d2dcd |
+ len -= INT_MAX;
|
|
|
8d2dcd |
+ }
|
|
|
8d2dcd |
+ }
|
|
|
8d2dcd |
+ }
|
|
|
8d2dcd |
}
|
|
|
8d2dcd |
|
|
|
8d2dcd |
/**
|
|
|
8d2dcd |
diff --git a/server/protocol.c b/server/protocol.c
|
|
|
8d2dcd |
index a554970..ea461a2 100644
|
|
|
8d2dcd |
--- a/server/protocol.c
|
|
|
8d2dcd |
+++ b/server/protocol.c
|
|
|
8d2dcd |
@@ -2107,6 +2107,9 @@ AP_DECLARE(int) ap_rputc(int c, request_rec *r)
|
|
|
8d2dcd |
|
|
|
8d2dcd |
AP_DECLARE(int) ap_rwrite(const void *buf, int nbyte, request_rec *r)
|
|
|
8d2dcd |
{
|
|
|
8d2dcd |
+ if (nbyte < 0)
|
|
|
8d2dcd |
+ return -1;
|
|
|
8d2dcd |
+
|
|
|
8d2dcd |
if (r->connection->aborted)
|
|
|
8d2dcd |
return -1;
|
|
|
8d2dcd |
|