diff options
| author |   Ross Burton <ross.burton@arm.com> | 2022-10-21 17:16:39 +0100 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-10-25 13:42:00 +0100 |
| commit | 59f69125fb00dc8fd335f32fe6898e7a480141e4 (patch) | |
| tree | ad3283e3d98a3d3975152a63f5c195b7abb90ace /meta/recipes-extended | |
| parent | 9c87828493784d996910d742006268a626ef0130 (diff) | |
| download | openembedded-core-contrib-59f69125fb00dc8fd335f32fe6898e7a480141e4.tar.gz | |
lighttpd: fix CVE-2022-41556
Backport the fix from upstream to fix this CVE.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended')
| -rw-r--r-- | meta/recipes-extended/lighttpd/lighttpd/CVE-2022-41556.patch | 31 | ||||
| -rw-r--r-- | meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb | 1 |
2 files changed, 32 insertions, 0 deletions
diff --git a/meta/recipes-extended/lighttpd/lighttpd/CVE-2022-41556.patch b/meta/recipes-extended/lighttpd/lighttpd/CVE-2022-41556.patch new file mode 100644 index 0000000000..284a5a3ea9 --- /dev/null +++ b/meta/recipes-extended/lighttpd/lighttpd/CVE-2022-41556.patch @@ -0,0 +1,31 @@ +CVE: CVE-2022-41556 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From b18de6f9264f914f7bf493abd3b6059343548e50 Mon Sep 17 00:00:00 2001 +From: Glenn Strauss <gstrauss@gluelogic.com> +Date: Sun, 11 Sep 2022 22:31:34 -0400 +Subject: [PATCH] [core] handle RDHUP when collecting chunked body + +handle RDHUP as soon as RDHUP detected when collecting HTTP/1.1 chunked +request body (and when not streaming request body to backend) + +x-ref: + https://github.com/lighttpd/lighttpd1.4/pull/115 +--- + src/gw_backend.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/gw_backend.c b/src/gw_backend.c +index df9d8217..5db56287 100644 +--- a/src/gw_backend.c ++++ b/src/gw_backend.c +@@ -2228,7 +2228,7 @@ handler_t gw_handle_subrequest(request_st * const r, void *p_d) { + * and module is flagged to stream request body to backend) */ + return (r->conf.stream_request_body & FDEVENT_STREAM_REQUEST) + ? http_response_reqbody_read_error(r, 411) +- : HANDLER_WAIT_FOR_EVENT; ++ : (rc == HANDLER_GO_ON) ? HANDLER_WAIT_FOR_EVENT : rc; + } + + if (hctx->wb_reqlen < -1 && r->reqbody_length >= 0) { diff --git a/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb b/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb index 801162867c..78978105b2 100644 --- a/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb +++ b/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb @@ -14,6 +14,7 @@ RRECOMMENDS:${PN} = "lighttpd-module-access \ lighttpd-module-accesslog" SRC_URI = "http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-${PV}.tar.xz \ + file://CVE-2022-41556.patch \ file://index.html.lighttpd \ file://lighttpd.conf \ file://lighttpd \ |