lighttpd: fix CVE-2022-41556

Backport the fix from upstream to fix this CVE. (From OE-Core rev: 88e1917dbf1e1bce5713c88d97adceb28ac0da05) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 59f69125fb00dc8fd335f32fe6898e7a480141e4) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Ross Burton <ross.burton@arm.com> 2022-11-03 17:00:40 -1000
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2022-11-04 13:13:31 +0000
commit: bd400c76a6224cc9f8e9ae2a0d8dddafefda86b3 (patch)
tree: 76359b7af90d0e42d332384a8125428f733f8eef /meta
parent: 0bfaca565e6a1a9ba6a9649fc7d736232dc27ace (diff)
download: poky-bd400c76a6224cc9f8e9ae2a0d8dddafefda86b3.tar.gz
2 files changed, 32 insertions, 0 deletions
diff --git a/meta/recipes-extended/lighttpd/lighttpd/CVE-2022-41556.patch b/meta/recipes-extended/lighttpd/lighttpd/CVE-2022-41556.patch
new file mode 100644
index 0000000000..284a5a3ea9
--- /dev/null
+++ b/meta/recipes-extended/lighttpd/lighttpd/CVE-2022-41556.patch
@@ -0,0 +1,31 @@
+CVE: CVE-2022-41556
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+From b18de6f9264f914f7bf493abd3b6059343548e50 Mon Sep 17 00:00:00 2001
+From: Glenn Strauss <gstrauss@gluelogic.com>
+Date: Sun, 11 Sep 2022 22:31:34 -0400
+Subject: [PATCH] [core] handle RDHUP when collecting chunked body
+handle RDHUP as soon as RDHUP detected when collecting HTTP/1.1 chunked
+request body (and when not streaming request body to backend)
+x-ref:
+  https://github.com/lighttpd/lighttpd1.4/pull/115
+---
+ src/gw_backend.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/src/gw_backend.c b/src/gw_backend.c
+index df9d8217..5db56287 100644
+--- a/src/gw_backend.c
+++ b/src/gw_backend.c
+@@ -2228,7 +2228,7 @@ handler_t gw_handle_subrequest(request_st * const r, void *p_d) {
+                  *  and module is flagged to stream request body to backend) */
+                 return (r->conf.stream_request_body & FDEVENT_STREAM_REQUEST)
+                   ? http_response_reqbody_read_error(r, 411)
+-                  : HANDLER_WAIT_FOR_EVENT;
+                  : (rc == HANDLER_GO_ON) ? HANDLER_WAIT_FOR_EVENT : rc;
+             }
+ 
+             if (hctx->wb_reqlen < -1 && r->reqbody_length >= 0) {
diff --git a/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb b/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb
index 801162867c..78978105b2 100644
--- a/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb
+++ b/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb
@@ -14,6 +14,7 @@ RRECOMMENDS:${PN} = "lighttpd-module-access \
                     lighttpd-module-accesslog"
 SRC_URI = "http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-${PV}.tar.xz \
+           file://CVE-2022-41556.patch \
           file://index.html.lighttpd \
           file://lighttpd.conf \
           file://lighttpd \
author	Ross Burton <ross.burton@arm.com>	2022-11-03 17:00:40 -1000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-11-04 13:13:31 +0000
commit	bd400c76a6224cc9f8e9ae2a0d8dddafefda86b3 (patch)
tree	76359b7af90d0e42d332384a8125428f733f8eef /meta
parent	0bfaca565e6a1a9ba6a9649fc7d736232dc27ace (diff)
download	poky-bd400c76a6224cc9f8e9ae2a0d8dddafefda86b3.tar.gz

diff --git a/meta/recipes-extended/lighttpd/lighttpd/CVE-2022-41556.patch b/meta/recipes-extended/lighttpd/lighttpd/CVE-2022-41556.patch new file mode 100644 index 0000000000..284a5a3ea9 --- /dev/null +++ b/meta/recipes-extended/lighttpd/lighttpd/CVE-2022-41556.patch
@@ -0,0 +1,31 @@
		1	CVE: CVE-2022-41556
		2	Upstream-Status: Backport
		3	Signed-off-by: Ross Burton <ross.burton@arm.com>
		4
		5	From b18de6f9264f914f7bf493abd3b6059343548e50 Mon Sep 17 00:00:00 2001
		6	From: Glenn Strauss <gstrauss@gluelogic.com>
		7	Date: Sun, 11 Sep 2022 22:31:34 -0400
		8	Subject: [PATCH] [core] handle RDHUP when collecting chunked body
		9
		10	handle RDHUP as soon as RDHUP detected when collecting HTTP/1.1 chunked
		11	request body (and when not streaming request body to backend)
		12
		13	x-ref:
		14	https://github.com/lighttpd/lighttpd1.4/pull/115
		15	---
		16	src/gw_backend.c \| 2 +-
		17	1 file changed, 1 insertion(+), 1 deletion(-)
		18
		19	diff --git a/src/gw_backend.c b/src/gw_backend.c
		20	index df9d8217..5db56287 100644
		21	--- a/src/gw_backend.c
		22	+++ b/src/gw_backend.c
		23	@@ -2228,7 +2228,7 @@ handler_t gw_handle_subrequest(request_st * const r, void *p_d) {
		24	* and module is flagged to stream request body to backend) */
		25	return (r->conf.stream_request_body & FDEVENT_STREAM_REQUEST)
		26	? http_response_reqbody_read_error(r, 411)
		27	- : HANDLER_WAIT_FOR_EVENT;
		28	+ : (rc == HANDLER_GO_ON) ? HANDLER_WAIT_FOR_EVENT : rc;
		29	}
		30
		31	if (hctx->wb_reqlen < -1 && r->reqbody_length >= 0) {


diff --git a/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb b/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb index 801162867c..78978105b2 100644 --- a/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb +++ b/meta/recipes-extended/lighttpd/lighttpd_1.4.66.bb
@@ -14,6 +14,7 @@ RRECOMMENDS:${PN} = "lighttpd-module-access \
14	lighttpd-module-accesslog"	14	lighttpd-module-accesslog"
15		15
16	SRC_URI = "http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-${PV}.tar.xz \	16	SRC_URI = "http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-${PV}.tar.xz \
		17	file://CVE-2022-41556.patch \
17	file://index.html.lighttpd \	18	file://index.html.lighttpd \
18	file://lighttpd.conf \	19	file://lighttpd.conf \
19	file://lighttpd \	20	file://lighttpd \