File apache2-CVE-2021-44790.patch of Package apache2.35278

--- 2.4.x/modules/lua/lua_request.c	2021/12/16 11:09:40	1896038
+++ 2.4.x/modules/lua/lua_request.c	2021/12/16 11:15:47	1896039
@@ -410,6 +410,7 @@ static int req_parsebody(lua_State *L)
             if (end == NULL) break;
             key = (char *) apr_pcalloc(r->pool, 256);
             filename = (char *) apr_pcalloc(r->pool, 256);
+            if (end - crlf <= 8) break;
             vlen = end - crlf - 8;
             buffer = (char *) apr_pcalloc(r->pool, vlen+1);
             memcpy(buffer, crlf + 4, vlen);


openSUSE Build Service is sponsored by