02c7a7771b
Offering:EulerOS Server CVE:CVE-2022-28614, CVE-2022-26377, CVE-2022-30522, CVE-2022-28615, CVE-2022-31813 Reference:8c14927162f7f15f3d8b65b8fb947b929c7156ce956f708b09Type:CVE DTS/AR:NA reason:fix CVE-2022-28614, CVE-2022-26377, CVE-2022-30522, CVE-2022-28615, CVE-2022-31813
61 lines
1.5 KiB
Diff
61 lines
1.5 KiB
Diff
From 8c14927162cf3b4f810683e1c5505e9ef9e1f123 Mon Sep 17 00:00:00 2001
|
|
From: covener <covener@apache.org>
|
|
Date: Wed Jun 1 07:51:04 2022 UTC
|
|
Subject: [PATCH] handle large writes in ap_rputs
|
|
|
|
---
|
|
include/http_protocol.h | 22 +++++++++++++++++++++-
|
|
server/protocol.c | 3 +++
|
|
2 files changed, 24 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/include/http_protocol.h b/include/http_protocol.h
|
|
index d9024da..0468d75 100644
|
|
--- a/include/http_protocol.h
|
|
+++ b/include/http_protocol.h
|
|
@@ -418,7 +418,27 @@ AP_DECLARE(int) ap_rwrite(const void *buf, int nbyte, request_rec *r);
|
|
*/
|
|
static APR_INLINE int ap_rputs(const char *str, request_rec *r)
|
|
{
|
|
- return ap_rwrite(str, (int)strlen(str), r);
|
|
+ apr_size_t len;
|
|
+
|
|
+ len = strlen(str);
|
|
+
|
|
+ for (;;) {
|
|
+ if (len <= INT_MAX) {
|
|
+ return ap_rwrite(str, (int)len, r);
|
|
+ }
|
|
+ else {
|
|
+ int rc;
|
|
+
|
|
+ rc = ap_rwrite(str, INT_MAX, r);
|
|
+ if (rc < 0) {
|
|
+ return rc;
|
|
+ }
|
|
+ else {
|
|
+ str += INT_MAX;
|
|
+ len -= INT_MAX;
|
|
+ }
|
|
+ }
|
|
+ }
|
|
}
|
|
|
|
/**
|
|
diff --git a/server/protocol.c b/server/protocol.c
|
|
index e3af150..cf6ca19 100644
|
|
--- a/server/protocol.c
|
|
+++ b/server/protocol.c
|
|
@@ -2020,6 +2020,9 @@ AP_DECLARE(int) ap_rputc(int c, request_rec *r)
|
|
|
|
AP_DECLARE(int) ap_rwrite(const void *buf, int nbyte, request_rec *r)
|
|
{
|
|
+ if (nbyte < 0)
|
|
+ return -1;
|
|
+
|
|
if (r->connection->aborted)
|
|
return -1;
|
|
|
|
--
|
|
1.8.3.1
|
|
|