File apache2-CVE-2020-11984.patch of Package apache2.15845
Index: httpd-2.4.43/modules/proxy/mod_proxy_uwsgi.c
===================================================================
--- httpd-2.4.43.orig/modules/proxy/mod_proxy_uwsgi.c 2020-08-11 14:07:22.739468880 +0200
+++ httpd-2.4.43/modules/proxy/mod_proxy_uwsgi.c 2020-08-11 14:07:22.747468933 +0200
@@ -136,7 +136,7 @@ static int uwsgi_send_headers(request_re
int j;
apr_size_t headerlen = 4;
- apr_uint16_t pktsize, keylen, vallen;
+ apr_size_t pktsize, keylen, vallen;
const char *script_name;
const char *path_info;
const char *auth;
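Review bot: With `keylen` and `vallen` widened to `apr_size_t`, nothing at this declaration records that they still have to fit 16-bit length fields; that bound now comes only from the `pktsize > APR_UINT16_MAX` check added in the next hunk. A comment here would keep a later edit from moving or relaxing that check, for example `/* apr_size_t so oversize lengths are caught by the pktsize check instead of being truncated */`. The code that writes keylen and vallen into the buffer is outside this hunk, so their two-byte encoding is inferred from the pktsize encoding visible in the last hunk. uwsgi_send_headers starts and ends outside the hunk.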
@@ -178,6 +178,15 @@ static int uwsgi_send_headers(request_re
headerlen += 2 + strlen(env[j].key) + 2 + (env[j].val ? strlen(env[j].val) : 0);
}
+ pktsize = headerlen - 4;
+ if (pktsize > APR_UINT16_MAX) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10259)
+ "can't send headers to %s:%u: packet size too "
+ "large (%" APR_SIZE_T_FMT ")",
+ conn->hostname, conn->port, pktsize);
+ return HTTP_INTERNAL_SERVER_ERROR;
+ }
+
ptr = buf = apr_palloc(r->pool, headerlen);
ptr += 4;
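Review bot: The oversize case returns `HTTP_INTERNAL_SERVER_ERROR`, which reports a server fault even though the rejected size is the sum of the env key and value lengths. If those lengths are driven by the client's request (the code that builds env is outside this hunk), a 4xx such as `return HTTP_BAD_REQUEST;` would describe the condition more accurately and keep these rejections out of 5xx alerting. The check is rightly placed before `apr_palloc` and should stay ahead of the copy loop. A short comment above it, such as `/* the uwsgi header carries the packet size in 16 bits */`, would make the reason for the limit explicit; the AH10259 log entry is the signal operators will see for oversize attempts.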
@@ -198,8 +207,6 @@ static int uwsgi_send_headers(request_re
ptr += vallen;
}
- pktsize = headerlen - 4;
-
buf[0] = 0;
buf[1] = (apr_byte_t) (pktsize & 0xff);
buf[2] = (apr_byte_t) ((pktsize >> 8) & 0xff);