File apache2-CVE-2006-20001.patch of Package apache2.35278

From b00b92bb9d1497414abf6ca1b679bcc8ad32a443 Mon Sep 17 00:00:00 2001
From: Joe Orton <jorton@apache.org>
Date: Mon, 9 Jan 2023 12:01:56 +0000
Subject: [PATCH] * modules/dav/main/util.c (dav_process_if_header): Fix error 
  path for "Not" prefix parsing.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1906487 13f79535-47bb-0310-9956-ffa450edef68
---
 modules/dav/main/util.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/modules/dav/main/util.c b/modules/dav/main/util.c
index 1ae5914027c..3f7822fc931 100644
--- a/modules/dav/main/util.c
+++ b/modules/dav/main/util.c
@@ -801,8 +801,14 @@ static dav_error * dav_process_if_header(request_rec *r, dav_if_header **p_ih)
                                                  "for the same state.");
                         }
                         condition = DAV_IF_COND_NOT;
+                        list += 2;
+                    }
+                    else {
+                        return dav_new_error(r->pool, HTTP_BAD_REQUEST,
+                                             DAV_ERR_IF_UNK_CHAR, 0,
+                                             "Invalid \"If:\" header: "
+                                             "Unexpected character in List");
                     }
-                    list += 2;
                     break;
 
                 case ' ':
openSUSE Build Service is sponsored by