You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by co...@apache.org on 2016/12/21 16:19:26 UTC
svn commit: r1775487 - in /httpd/httpd/trunk: CHANGES server/util_fcgi.c
Author: covener
Date: Wed Dec 21 16:19:26 2016
New Revision: 1775487
URL: http://svn.apache.org/viewvc?rev=1775487&view=rev
Log:
fix crash in util_fcgi.c
*) mod_proxy_fcgi, mod_fcgid: Fix crashes in ap_fcgi_encoded_env_len() when
modules add empty environment variables to the request. PR60275.
[<alex2grad AT gmail.com>]
Submitted By: <alex2grad AT gmail.com>]
Committed By: covener
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/server/util_fcgi.c
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1775487&r1=1775486&r2=1775487&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Wed Dec 21 16:19:26 2016
@@ -1,6 +1,10 @@
-*- coding: utf-8 -*-
Changes with Apache 2.5.0
+ *) mod_proxy_fcgi, mod_fcgid: Fix crashes in ap_fcgi_encoded_env_len() when
+ modules add empty environment variables to the request. PR60275.
+ [<alex2grad AT gmail.com>]
+
*) mod_rewrite: Limit runaway memory use by short circuiting some kinds of
looping RewriteRules when the local path significantly exceeds
LimitRequestLine. PR 60478. [Jeff Wheelhouse <apache wheelhouse.org>]
Modified: httpd/httpd/trunk/server/util_fcgi.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/util_fcgi.c?rev=1775487&r1=1775486&r2=1775487&view=diff
==============================================================================
--- httpd/httpd/trunk/server/util_fcgi.c (original)
+++ httpd/httpd/trunk/server/util_fcgi.c Wed Dec 21 16:19:26 2016
@@ -153,7 +153,7 @@ AP_DECLARE(apr_size_t) ap_fcgi_encoded_e
envlen += keylen;
- vallen = strlen(elts[i].val);
+ vallen = elts[i].val ? strlen(elts[i].val) : 0;
if (vallen >> 7 == 0) {
envlen += 1;
@@ -226,7 +226,7 @@ AP_DECLARE(apr_status_t) ap_fcgi_encode_
buflen -= 4;
}
- vallen = strlen(elts[i].val);
+ vallen = elts[i].val ? strlen(elts[i].val) : 0;
if (vallen >> 7 == 0) {
if (buflen < 1) {
@@ -262,8 +262,11 @@ AP_DECLARE(apr_status_t) ap_fcgi_encode_
rv = APR_ENOSPC; /* overflow */
break;
}
- memcpy(itr, elts[i].val, vallen);
- itr += vallen;
+
+ if (elts[i].val) {
+ memcpy(itr, elts[i].val, vallen);
+ itr += vallen;
+ }
if (buflen == vallen) {
(*starting_elem)++;