From 7e5749d083bc9345841ee35b235908f2cb3333bd Mon Sep 17 00:00:00 2001
From: linker99 <fandehui1@huawei.com>
Date: Wed, 16 Jun 2021 10:38:41 +0800
Subject: [PATCH] fix CVE-2021-26691

(cherry picked from commit 613821a5c0c4208d87eafa22e64d1141dace1d76)
---
 CVE-2021-26691.patch | 31 +++++++++++++++++++++++++++++++
 httpd.spec           |  9 ++++++++-
 2 files changed, 39 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2021-26691.patch

diff --git a/CVE-2021-26691.patch b/CVE-2021-26691.patch
new file mode 100644
index 0000000..1d0f11d
--- /dev/null
+++ b/CVE-2021-26691.patch
@@ -0,0 +1,31 @@
+From 7e09dd714fc62c08c5b0319ed7b9702594faf49b Mon Sep 17 00:00:00 2001
+From: Yann Ylavic <ylavic@apache.org>
+Date: Mon, 1 Mar 2021 20:13:54 +0000
+Subject: [PATCH] mod_session: account for the '&' in identity_concat().
+
+git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1887052 13f79535-47bb-0310-9956-ffa450edef68
+---
+ modules/session/mod_session.c       | 3 +--
+ 1 files changed, 1 insertions(+), 2 deletions(-)
+
+diff --git a/modules/session/mod_session.c b/modules/session/mod_session.c
+index 01f41fe5d0f..a41e58444f9 100644
+--- a/modules/session/mod_session.c
++++ b/modules/session/mod_session.c
+@@ -326,7 +326,7 @@ static apr_status_t ap_session_set(request_rec * r, session_rec * z,
+ static int identity_count(void *v, const char *key, const char *val)
+ {
+     int *count = v;
+-    *count += strlen(key) * 3 + strlen(val) * 3 + 1;
++    *count += strlen(key) * 3 + strlen(val) * 3 + 2;
+     return 1;
+ }
+ 
+@@ -362,7 +362,6 @@ static int identity_concat(void *v, const char *key, const char *val)
+  */
+ static apr_status_t session_identity_encode(request_rec * r, session_rec * z)
+ {
+-
+     char *buffer = NULL;
+     int length = 0;
+     if (z->expiry) {
diff --git a/httpd.spec b/httpd.spec
index 9f8b618..0b8caa7 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -8,7 +8,7 @@
 Name:             httpd
 Summary:          Apache HTTP Server
 Version:          2.4.43
-Release:          4
+Release:          5
 License:          ASL 2.0
 URL:              https://httpd.apache.org/
 Source0:          https://archive.apache.org/dist/httpd/httpd-%{version}.tar.bz2
@@ -69,6 +69,7 @@ Patch15:          httpd-2.4.43-lua-resume.patch
 Patch16:          CVE-2020-11984.patch 
 Patch17:          CVE-2020-11993.patch 
 Patch18:          CVE-2020-9490.patch
+Patch19:          CVE-2021-26691.patch
 
 BuildRequires:    gcc autoconf pkgconfig findutils xmlto perl-interpreter perl-generators systemd-devel
 BuildRequires:    zlib-devel libselinux-devel lua-devel brotli-devel
@@ -505,6 +506,12 @@ exit $rv
 %{_rpmconfigdir}/macros.d/macros.httpd
 
 %changelog
+* Wed Jun 16 2021 yanglu <yanglu72@huawei.com> - 2.4.43-5
+- Type:cves
+- ID:CVE-2021-26691
+- SUG:NA
+- DESC:fix CVE-2021-26691
+
 * Mon Nov 09 2020 quanhongfei <quanhongfei@huawei.com> - 2.4.43-4
 - Type:requirement
 - ID:NA
-- 
Gitee