From c69e20d988fcacb4eadb1aab3b4a699696d0e70d Mon Sep 17 00:00:00 2001
From: wk333 <13474090681@163.com>
Date: Mon, 8 Nov 2021 15:42:42 +0800
Subject: [PATCH] Fix CVE-2021-41973

(cherry picked from commit 9bc7296e736ff4539c7e8b6c5ff785e5484d8a5e)
---
 CVE-2021-41973.patch | 22 ++++++++++++++++++++++
 apache-mina.spec     |  9 +++++++--
 2 files changed, 29 insertions(+), 2 deletions(-)
 create mode 100644 CVE-2021-41973.patch

diff --git a/CVE-2021-41973.patch b/CVE-2021-41973.patch
new file mode 100644
index 0000000..bf9dc3a
--- /dev/null
+++ b/CVE-2021-41973.patch
@@ -0,0 +1,22 @@
+From 3a91690e574a69875a2fca1f0e363b0b9ff00469 Mon Sep 17 00:00:00 2001
+From: Jonathan Valliere <johnnyv@apache.org>
+Date: Thu, 14 Oct 2021 23:34:17 -0400
+Subject: [PATCH] Backport fix for malformed HTTP decoder loop
+
+---
+ .../src/main/java/org/apache/mina/http/HttpServerDecoder.java   | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/mina-http/src/main/java/org/apache/mina/http/HttpServerDecoder.java b/mina-http/src/main/java/org/apache/mina/http/HttpServerDecoder.java
+index 4f9ed5998..d861216e6 100644
+--- a/mina-http/src/main/java/org/apache/mina/http/HttpServerDecoder.java
++++ b/mina-http/src/main/java/org/apache/mina/http/HttpServerDecoder.java
+@@ -194,7 +194,7 @@ public void dispose(IoSession session) throws Exception {
+     }
+ 
+     private HttpRequestImpl parseHttpRequestHead(ByteBuffer buffer) {
+-        String raw = new String(buffer.array(), 0, buffer.limit());
++    	String raw = new String(buffer.array(), buffer.position(), buffer.remaining());
+         String[] headersAndBody = RAW_VALUE_PATTERN.split(raw, -1);
+ 
+         if (headersAndBody.length <= 1) {
diff --git a/apache-mina.spec b/apache-mina.spec
index d104e80..1ca0885 100644
--- a/apache-mina.spec
+++ b/apache-mina.spec
@@ -1,10 +1,11 @@
 Name:                apache-mina
 Version:             2.0.21
-Release:             1
+Release:             2
 Summary:             Apache MINA
 License:             ASL 2.0
 URL:                 http://mina.apache.org
 Source0:             https://github.com/apache/mina/archive/%{version}.tar.gz
+Patch0:              CVE-2021-41973.patch
 BuildRequires:       maven-local mvn(com.jcraft:jzlib) mvn(commons-lang:commons-lang)
 BuildRequires:       mvn(org.apache:apache:pom:) mvn(org.slf4j:slf4j-api)
 BuildRequires:       mvn(org.apache.felix:maven-bundle-plugin)
@@ -48,6 +49,7 @@ This package provides %{name}.
 
 %prep
 %setup -q -n mina-%{version}
+%patch0 -p1
 sed -i \
     -e 's|<packaging>bundle</packaging>|<packaging>jar</packaging>|g' \
     -e 's|<type>bundle</type>|<type>jar</type>|g' \
@@ -87,7 +89,10 @@ sed -i \
 %doc LICENSE.txt NOTICE.txt
 
 %changelog
-* Mon 21 Sep wangyue <wangyue92@huawei.com> - 2.0.21-1
+* Mon Nov 08 2021 wangkai <wangkai385@huawei.com> - 2.0.21-2
+- Fix CVE-2021-41973
+
+* Mon Sep 21 2020 wangyue <wangyue92@huawei.com> - 2.0.21-1
 - Fix CVE-2019-0231
 
 * Mon Jul 27 2020 leiju <leiju4@huawei.com> - 2.0.9-1
-- 
Gitee