TakeV/guix
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
guix/gnu/packages/patches/httpd-CVE-2016-8740.patch
Efraim Flashner 1ebe49f192
gnu: httpd: Add fix for CVE-2016-8740. 
* gnu/packages/web.scm (httpd)[source]: Add patch for CVE-2016-8740.
* gnu/packages/patches/httpd-CVE-2016-8740.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
2016-12-06 15:39:25 +02:00

37 lines
1.3 KiB
Diff
Raw Blame History

This patch applies against httpd-2.4.23 and shouldn't be needed in later releases
http://openwall.com/lists/oss-security/2016/12/05/17
Index: modules/http2/h2_stream.c
===================================================================
--- modules/http2/h2_stream.c (revision 1771866)
+++ modules/http2/h2_stream.c (working copy)
@@ -322,18 +322,18 @@
HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE);
}
}
- }
-
- if (h2_stream_is_scheduled(stream)) {
- return h2_request_add_trailer(stream->request, stream->pool,
- name, nlen, value, vlen);
- }
- else {
- if (!input_open(stream)) {
- return APR_ECONNRESET;
+
+ if (h2_stream_is_scheduled(stream)) {
+ return h2_request_add_trailer(stream->request, stream->pool,
+ name, nlen, value, vlen);
}
- return h2_request_add_header(stream->request, stream->pool,
- name, nlen, value, vlen);
+ else {
+ if (!input_open(stream)) {
+ return APR_ECONNRESET;
+ }
+ return h2_request_add_header(stream->request, stream->pool,
+ name, nlen, value, vlen);
+ }
}
}
Reference in a new issue View git blame Copy permalink