author | Giovanni Bechis <gbechis@apache.org> | 2023-04-04 21:43:46 +0000 |
---|---|---|
committer | Giovanni Bechis <gbechis@apache.org> | 2023-04-04 21:43:46 +0000 |
commit | 51a3e295058839b04fd7df544bbc5571f43226eb (patch) | |
tree | 3da4efee9257b4b4436c234c2a7578ab7c1ce22a /modules | |
parent | fae4895b8dbcedfde2933e86859e38d0c94324f0 (diff) | |
Fix a possible NULL pointer dereference of ap_runtime_dir_relative()
ap_runtime_dir_relative() will return NULL on failure. However, cgid_init()
does not check the return value of ap_runtime_dir_relative() and uses it
directly.
Fix this bug by adding a NULL check.
Submitted by: Zhou Qingyang <zhou1615@umn.edu>
Github: closes #304
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908972 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules')
-rw-r--r-- | modules/generators/mod_cgid.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/modules/generators/mod_cgid.c b/modules/generators/mod_cgid.c index 08cdaccbf6..de3e4b353a 100644 --- a/modules/generators/mod_cgid.c +++ b/modules/generators/mod_cgid.c @@ -1059,6 +1059,8 @@ static int cgid_init(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, parent_pid = getpid(); tmp_sockname = ap_runtime_dir_relative(p, sockname); + if (!tmp_sockname) + return DECLINED; if (strlen(tmp_sockname) > sizeof(server_addr->sun_path) - 1) { tmp_sockname[sizeof(server_addr->sun_path)] = '\0'; ap_log_error(APLOG_MARK, APLOG_ERR, 0, main_server, APLOGNO(01254) |
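Review bot: the new `if (!tmp_sockname)` branch in cgid_init() returns DECLINED without logging anything, so a failure of ap_runtime_dir_relative() to resolve sockname is invisible to the operator, unlike the over-long path case directly below it, which reports through ap_log_error() at APLOG_ERR. Suggest logging an error that names sockname before the return. It is also worth confirming that DECLINED is the status wanted on this path rather than an error status, since everything after this point in cgid_init() depends on tmp_sockname and the daemon cannot be set up without it.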