aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/httpd-CVE-2016-8740.patch
blob: 17ba323ccf4ad1976518760351b4a5221a9c9eae (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
This patch applies against httpd-2.4.23 and shouldn't be needed in later releases
http://openwall.com/lists/oss-security/2016/12/05/17
Index: modules/http2/h2_stream.c
===================================================================
--- modules/http2/h2_stream.c	(revision 1771866)
+++ modules/http2/h2_stream.c	(working copy)
@@ -322,18 +322,18 @@
                                            HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE);
             }
         }
-    }
-    
-    if (h2_stream_is_scheduled(stream)) {
-        return h2_request_add_trailer(stream->request, stream->pool,
-                                      name, nlen, value, vlen);
-    }
-    else {
-        if (!input_open(stream)) {
-            return APR_ECONNRESET;
+        
+        if (h2_stream_is_scheduled(stream)) {
+            return h2_request_add_trailer(stream->request, stream->pool,
+                                          name, nlen, value, vlen);
         }
-        return h2_request_add_header(stream->request, stream->pool,
-                                     name, nlen, value, vlen);
+        else {
+            if (!input_open(stream)) {
+                return APR_ECONNRESET;
+            }
+            return h2_request_add_header(stream->request, stream->pool,
+                                         name, nlen, value, vlen);
+        }
     }
 }