diff options
Diffstat (limited to 'meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-26690.patch')
-rw-r--r-- | meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-26690.patch | 39 |
1 files changed, 0 insertions, 39 deletions
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-26690.patch b/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-26690.patch deleted file mode 100644 index d3aea9e122..0000000000 --- a/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-26690.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 67bd9bfe6c38831e14fe7122f1d84391472498f8 Mon Sep 17 00:00:00 2001 -From: Yann Ylavic <ylavic@apache.org> -Date: Mon, 1 Mar 2021 20:07:08 +0000 -Subject: [PATCH] mod_session: save one apr_strtok() in - session_identity_decode(). - -When the encoding is invalid (missing '='), no need to parse further. - -git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1887050 13f79535-47bb-0310-9956-ffa450edef68 - -Upstream-Status: Backport -CVE: CVE-2021-26690 - -Reference to upstream patch: -https://security-tracker.debian.org/tracker/CVE-2021-26690 -https://github.com/apache/httpd/commit/67bd9bfe6c38831e14fe7122f1d84391472498f8 - -Signed-off-by: Li Wang <li.wang@windriver.com> ---- - modules/session/mod_session.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/modules/session/mod_session.c b/modules/session/mod_session.c -index ebd05b0..af70f6b 100644 ---- a/modules/session/mod_session.c -+++ b/modules/session/mod_session.c -@@ -404,8 +404,8 @@ static apr_status_t session_identity_decode(request_rec * r, session_rec * z) - char *plast = NULL; - const char *psep = "="; - char *key = apr_strtok(pair, psep, &plast); -- char *val = apr_strtok(NULL, psep, &plast); - if (key && *key) { -+ char *val = apr_strtok(NULL, sep, &plast); - if (!val || !*val) { - apr_table_unset(z->entries, key); - } --- -2.7.4 - |