diff options
author | Ivan Zhakov <ivan@apache.org> | 2022-06-20 18:18:18 +0000 |
---|---|---|
committer | Ivan Zhakov <ivan@apache.org> | 2022-06-20 18:18:18 +0000 |
commit | 5ea7017d94a889c4d034e80c29e23ca9d7e71d2d (patch) | |
tree | 70761139297027b6b6c5501ddfd96667b22bd020 | |
parent | eb72f6affeada8125a7ef1391a809250f59904c8 (diff) | |
download | apr-5ea7017d94a889c4d034e80c29e23ca9d7e71d2d.tar.gz |
On 1.8.x branch: Merge r1902058 from trunk:
win32: Fix attempt to free invalid memory on exit when apr_app is used.
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/branches/1.8.x@1902110 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | CHANGES | 3 | ||||
-rw-r--r-- | misc/win32/apr_app.c | 32 |
2 files changed, 30 insertions, 5 deletions
@@ -8,6 +8,9 @@ Changes for APR 1.8.0 *) apr_file_mtime_set(): Minor optimization on Windows. [Ivan Zhakov] + *) Fix attempt to free invalid memory on exit when apr_app is used + on Windows. [Ivan Zhakov] + Changes for APR 1.7.1 *) SECURITY: CVE-2021-35940 (cve.mitre.org) diff --git a/misc/win32/apr_app.c b/misc/win32/apr_app.c index 4e08e33d7..f1b6ce57c 100644 --- a/misc/win32/apr_app.c +++ b/misc/win32/apr_app.c @@ -51,15 +51,37 @@ int wmain(int argc, const wchar_t **wargv, const wchar_t **wenv) { char **argv; char **env; - int dupenv; + int envc; + int i; (void)apr_wastrtoastr(&argv, wargv, argc); - dupenv = apr_wastrtoastr(&env, wenv, -1); + envc = 0; + while (wenv[envc]) { + envc++; + } + + /* Initial environment stored as single heap block, but uses + * separate heap entry for every environment variable + * after first change. + */ + env = apr_malloc_dbg((envc + 1) * sizeof(char *), __FILE__, __LINE__); + + for (i = 0; i < envc; i++) { + apr_size_t wcount; + apr_size_t envlen; + + wcount = wcslen(wenv[i]) + 1; + envlen = (wcount - 1) * 3 + 1; + + env[i] = apr_malloc_dbg(envlen, __FILE__, __LINE__); + + (void)apr_conv_ucs2_to_utf8(wenv[i], &wcount, env[i], &envlen); + } + + env[i] = NULL; - _environ = apr_malloc_dbg((dupenv + 1) * sizeof (char *), - __FILE__, __LINE__ ); - memcpy(_environ, env, (dupenv + 1) * sizeof (char *)); + _environ = env; /* MSVCRT will attempt to maintain the wide environment calls * on _putenv(), which is bogus if we've passed a non-ascii |