File apache2-CVE-2021-44790.patch of Package apache2.35278
--- 2.4.x/modules/lua/lua_request.c 2021/12/16 11:09:40 1896038 +++ 2.4.x/modules/lua/lua_request.c 2021/12/16 11:15:47 1896039 @@ -410,6 +410,7 @@ static int req_parsebody(lua_State *L) if (end == NULL) break; key = (char *) apr_pcalloc(r->pool, 256); filename = (char *) apr_pcalloc(r->pool, 256); + if (end - crlf <= 8) break; vlen = end - crlf - 8; buffer = (char *) apr_pcalloc(r->pool, vlen+1); memcpy(buffer, crlf + 4, vlen);