From 808c4e3ff7534cf0518c944541dfb36d1a2e0de3 Mon Sep 17 00:00:00 2001
From: yhnnn
Date: Tue, 12 Jul 2022 17:35:57 +0800
Subject: [PATCH] fix CVE-2021-33254
---
CVE-2021-33254.patch | 15 +++++++++++++++
appweb.spec | 10 ++++++++--
2 files changed, 23 insertions(+), 2 deletions(-)
create mode 100644 CVE-2021-33254.patch
diff --git a/CVE-2021-33254.patch b/CVE-2021-33254.patch
new file mode 100644
index 0000000..956e352
--- /dev/null
+++ b/CVE-2021-33254.patch
@@ -0,0 +1,15 @@
+diff -Nur appweb-8.2.5/src/http/httpLib.c new/src/http/httpLib.c
+--- appweb-8.2.5/src/http/httpLib.c 2021-11-09 04:59:05.000000000 +0800
++++ new/src/http/httpLib.c 2022-07-12 16:19:03.610242882 +0800
+@@ -17337,7 +17337,10 @@
+ */
+ up = rx->parsedUri;
+ up->scheme = sclone(stream->secure ? "https" : "http");
+- hostname = rx->hostHeader ? rx->hostHeader : stream->host->name;
++ hostname = rx->hostHeader;
++ if (!hostname && stream->host) {
++ hostname = stream->host->name;
++ }
+ if (!hostname) {
+ hostname = stream->sock->acceptIp;
+ }
diff --git a/appweb.spec b/appweb.spec
index 5eb1221..ac03669 100755
--- a/appweb.spec
+++ b/appweb.spec
@@ -1,20 +1,23 @@ Name: appweb Version: 8.2.5 -Release: 1 +Release: 2 Summary: Appweb Community Edition is a fast embedded web server for securely hosting embedded web management application. License: GPLv2 URL: https://www.embedthis.com/licensing/index.html Source0: https://s3.amazonaws.com/embedthis.public/%{name}-%{version}-src.tgz +Patch0: CVE-2021-33254.patch + BuildRequires: ncurses-devel, asciidoc %description Appweb Community Edition is a fast embedded web server for securely hosting embedded web management applications. %prep -%setup -q -n %{name}-%{version} +%autosetup -p1 -n %{name}-%{version} %define debug_package %{nil} + %build %configure CFLAGS="$RPM_OPT_FLAGS -DVERSION=appweb-%{version}-%{release}" 
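Review bot: In the httpLib.c hunk carried by CVE-2021-33254.patch, the new chain guards `stream->host`, but its last step, `hostname = stream->sock->acceptIp;`, still dereferences `stream->sock` unchecked and can itself yield NULL, so the kind of NULL dereference this guard appears to target may remain reachable on that path; whether `stream->sock` can be NULL here is not visible, and the function continues outside the hunk. An empty but non-NULL `rx->hostHeader` (a client-supplied value) also bypasses both fallbacks, which `if ((!hostname || !*hostname) && stream->host) {` would cover if the later code expects a non-empty host. The patch file also starts directly at `diff -Nur` with no provenance, so a line such as `Origin: <upstream commit or issue URL>` above it would let packagers check the change against the upstream fix.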
@@ -41,6 +44,9 @@ cp -r ./build/linux-%{ARCH}-default/usr/local/* %{buildroot} /share/* %changelog +* Tue Jul 12 2022 yanghui - 8.2.5-2 +- fix CVE-2021-33254 + * Thu Nov 18 2021 StrongTiger_001 - 8.2.5-1 - Update the package to 8.2.5 -- Gitee