1 files changed, 44 insertions, 0 deletions

diff --git a/projects/apache-httpd/patches.diff b/projects/apache-httpd/patches.diff
new file mode 100644
index 000000000..d93b12b98
--- /dev/null
+++ b/projects/apache-httpd/patches.diff
@@ -0,0 +1,44 @@
+diff --git a/server/apreq_parser_header.c b/server/apreq_parser_header.c
+index 19588be..7067e58 100644
+--- a/server/apreq_parser_header.c
++++ b/server/apreq_parser_header.c
+@@ -89,7 +89,7 @@ static apr_status_t split_header_line(apreq_param_t **p,
+         if (s != APR_SUCCESS)
+             return s;
+ 
+-        assert(nlen >= len);
++	if (!(nlen >= len)) { return APR_EBADARG; } assert(nlen >= len);
+         end->iov_len = len;
+         nlen -= len;
+ 
+@@ -103,13 +103,13 @@ static apr_status_t split_header_line(apreq_param_t **p,
+         if (s != APR_SUCCESS)
+             return s;
+ 
+-        assert(glen >= dlen);
++	if (!(glen >= dlen)) { return APR_EBADARG; } assert(glen >= dlen);
+         glen -= dlen;
+         e = APR_BUCKET_NEXT(e);
+     }
+ 
+     /* copy value */
+-    assert(vlen > 0);
++    if (!(vlen > 0)) { return APR_EBADARG; } assert(vlen > 0);
+     dest = v->data;
+     while (vlen > 0) {
+ 
+@@ -119,12 +119,12 @@ static apr_status_t split_header_line(apreq_param_t **p,
+ 
+         memcpy(dest, data, dlen);
+         dest += dlen;
+-        assert(vlen >= dlen);
++	if (!(vlen >= dlen)) { return APR_EBADARG; } assert(vlen >= dlen);
+         vlen -= dlen;
+         e = APR_BUCKET_NEXT(e);
+     }
+ 
+-    assert(dest[-1] == '\n');
++    if (!(dest[-1] == '\n')) { return APR_EBADARG; } assert(dest[-1] == '\n');
+ 
+     if (dest[-2] == '\r')
+         --dest;