diff options
author | Jim Jagielski <jim@apache.org> | 2017-01-09 21:13:46 +0000 |
---|---|---|
committer | Jim Jagielski <jim@apache.org> | 2017-01-09 21:13:46 +0000 |
commit | ac5d56ad78675361b6f1ab710977e0c2cfe5f5b3 (patch) | |
tree | 8916a0404692c144b06f6a38c6203ea7dc8004e3 | |
parent | 78213fd4cc088982096d4afb3fedc21bae6131eb (diff) | |
download | httpd-ac5d56ad78675361b6f1ab710977e0c2cfe5f5b3.tar.gz |
Merge r1775487 from trunk:
fix crash in util_fcgi.c
*) mod_proxy_fcgi, mod_fcgid: Fix crashes in ap_fcgi_encoded_env_len() when
modules add empty environment variables to the request. PR60275.
[<alex2grad AT gmail.com>]
Submitted By: <alex2grad AT gmail.com>]
Committed By: covener
Submitted by: covener
Reviewed by: covener, jim, wrowe
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1778050 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | CHANGES | 4 | ||||
-rw-r--r-- | STATUS | 5 | ||||
-rw-r--r-- | server/util_fcgi.c | 11 |
3 files changed, 11 insertions, 9 deletions
@@ -2,6 +2,10 @@ Changes with Apache 2.4.26 + *) mod_proxy_fcgi, mod_fcgid: Fix crashes in ap_fcgi_encoded_env_len() when + modules add empty environment variables to the request. PR60275. + [<alex2grad AT gmail.com>] + *) mod_http2: fix for possible page fault when stream is resumed during session shutdown. [sidney-j-r-m (github)] @@ -119,11 +119,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - *) util_fcgi: Fix crash with empty-valued envvars. PR60275 - trunk patch: http://svn.apache.org/r1775487. - 2.4.x patch: trunk works - +1 covener, jim, wrowe - *) mod_auth_digest: Reduce severity from NOTICE to DEBUG this once-per-restart msg (I guess the concern was that the RNG could block after this message) diff --git a/server/util_fcgi.c b/server/util_fcgi.c index a241e965f6..7fb2c8c1c2 100644 --- a/server/util_fcgi.c +++ b/server/util_fcgi.c @@ -153,7 +153,7 @@ AP_DECLARE(apr_size_t) ap_fcgi_encoded_env_len(apr_table_t *env, envlen += keylen; - vallen = strlen(elts[i].val); + vallen = elts[i].val ? strlen(elts[i].val) : 0; if (vallen >> 7 == 0) { envlen += 1; @@ -226,7 +226,7 @@ AP_DECLARE(apr_status_t) ap_fcgi_encode_env(request_rec *r, buflen -= 4; } - vallen = strlen(elts[i].val); + vallen = elts[i].val ? strlen(elts[i].val) : 0; if (vallen >> 7 == 0) { if (buflen < 1) { @@ -262,8 +262,11 @@ AP_DECLARE(apr_status_t) ap_fcgi_encode_env(request_rec *r, rv = APR_ENOSPC; /* overflow */ break; } - memcpy(itr, elts[i].val, vallen); - itr += vallen; + + if (elts[i].val) { + memcpy(itr, elts[i].val, vallen); + itr += vallen; + } if (buflen == vallen) { (*starting_elem)++; |