From 10cde2782866a031d9bda14e544d4c7a5d308167 Mon Sep 17 00:00:00 2001
From: cenhuilin <cenhuilin@kylinos.cn>
Date: Tue, 13 Sep 2022 06:17:20 +0000
Subject: [PATCH] fix CVE-2022-37797

(cherry picked from commit f130c95ba330969790560e747a51184deedb90da)
---
 CVE-2022-37797.patch | 31 +++++++++++++++++++++++++++++++
 lighttpd.spec        |  7 ++++++-
 2 files changed, 37 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2022-37797.patch

diff --git a/CVE-2022-37797.patch b/CVE-2022-37797.patch
new file mode 100644
index 0000000..d5cc197
--- /dev/null
+++ b/CVE-2022-37797.patch
@@ -0,0 +1,31 @@
+From a8f7ea10802f6363146e11e2552177bc1e5a6e12 Mon Sep 17 00:00:00 2001
+From: Glenn Strauss <gstrauss@gluelogic.com>
+Date: Tue, 13 Sep 2022 05:51:02 +0000
+Subject: [PATCH] [mod_wstunnel] fix crash with bad hybivers (fixes #3165)
+
+x-ref:
+  "mod_wstunnel null pointer dereference"
+  https://redmine.lighttpd.net/issues/3165
+---
+ src/mod_wstunnel.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/mod_wstunnel.c b/src/mod_wstunnel.c
+index 6d17d4d..97b89f0 100644
+--- a/src/mod_wstunnel.c
++++ b/src/mod_wstunnel.c
+@@ -483,7 +483,10 @@ static handler_t wstunnel_handler_setup (request_st * const r, plugin_data * con
+     hctx->errh = r->conf.errh;/*(for mod_wstunnel-specific DEBUG_* macros)*/
+     hctx->conf = p->conf; /*(copies struct)*/
+     hybivers = wstunnel_check_request(r, hctx);
+-    if (hybivers < 0) return HANDLER_FINISHED;
++    if (hybivers < 0) {
++        r->handler_module = NULL;
++        return HANDLER_FINISHED;
++    }
+     hctx->hybivers = hybivers;
+     if (0 == hybivers) {
+         DEBUG_LOG_INFO("WebSocket Version = %s", "hybi-00");
+-- 
+2.33.0
+
diff --git a/lighttpd.spec b/lighttpd.spec
index e4816d1..27462cd 100644
--- a/lighttpd.spec
+++ b/lighttpd.spec
@@ -20,7 +20,7 @@
 Summary:             Lightning fast webserver with light system requirements
 Name:                lighttpd
 Version:             1.4.63
-Release:             4
+Release:             5
 License:             BSD-3-Clause and OML and GPLv3 and GPLv2
 URL:                 https://github.com/lighttpd/lighttpd1.4
 Source0:             http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-%{version}.tar.gz
@@ -32,6 +32,7 @@ Patch0:              lighttpd-1.4.62-defaultconf.patch
 Patch1:              make-setrlimit-warn-not-fatal.patch
 Patch2:              fix-loading-mod_auth-after-dynamic-modules.patch
 Patch3:              CVE-2022-22707.patch
+Patch4:              CVE-2022-37797.patch
 Requires:            %{name}-filesystem
 %if %{with systemd}
 Requires(post):      systemd
@@ -112,6 +113,7 @@ for the directories.
 %patch1 -p1 -b .setrlimit
 %patch2 -p1 -b .fixtrace
 %patch3 -p1
+%patch4 -p1
 
 %build
 autoreconf -if
@@ -258,6 +260,9 @@ fi
 %attr(0700, lighttpd, lighttpd) %dir %{webroot}/
 
 %changelog
+* Tue Sep 13 2022 cenhuilin <cenhuilin@kylinos.cn> - 1.4.63-5
+- Fix CVE-2022-37797
+
 * Fri Mar 11 2022 baizhonggui <baizhonggui@huawei.com> - 1.4.63-4
 - Modify var.state_dir path from /etc/lighttpd/lighttpd.conf in lighttpd-1.4.62-defaultconf.patch
 
-- 
Gitee