You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by co...@apache.org on 2016/12/21 16:19:26 UTC

svn commit: r1775487 - in /httpd/httpd/trunk: CHANGES server/util_fcgi.c

Author: covener
Date: Wed Dec 21 16:19:26 2016
New Revision: 1775487

URL: http://svn.apache.org/viewvc?rev=1775487&view=rev
Log:
fix crash in util_fcgi.c

 *) mod_proxy_fcgi, mod_fcgid: Fix crashes in ap_fcgi_encoded_env_len() when
    modules add empty environment variables to the request. PR60275.
    [<alex2grad AT gmail.com>]

Submitted By: <alex2grad AT gmail.com>]
Committed By: covener



Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/server/util_fcgi.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1775487&r1=1775486&r2=1775487&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Wed Dec 21 16:19:26 2016
@@ -1,6 +1,10 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
+ *) mod_proxy_fcgi, mod_fcgid: Fix crashes in ap_fcgi_encoded_env_len() when
+    modules add empty environment variables to the request. PR60275.
+    [<alex2grad AT gmail.com>]
+    
  *) mod_rewrite: Limit runaway memory use by short circuiting some kinds of
     looping RewriteRules when the local path significantly exceeds 
     LimitRequestLine.  PR 60478. [Jeff Wheelhouse <apache wheelhouse.org>]

Modified: httpd/httpd/trunk/server/util_fcgi.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/util_fcgi.c?rev=1775487&r1=1775486&r2=1775487&view=diff
==============================================================================
--- httpd/httpd/trunk/server/util_fcgi.c (original)
+++ httpd/httpd/trunk/server/util_fcgi.c Wed Dec 21 16:19:26 2016
@@ -153,7 +153,7 @@ AP_DECLARE(apr_size_t) ap_fcgi_encoded_e
 
         envlen += keylen;
 
-        vallen = strlen(elts[i].val);
+        vallen = elts[i].val ? strlen(elts[i].val) : 0;
 
         if (vallen >> 7 == 0) {
             envlen += 1;
@@ -226,7 +226,7 @@ AP_DECLARE(apr_status_t) ap_fcgi_encode_
             buflen -= 4;
         }
 
-        vallen = strlen(elts[i].val);
+        vallen = elts[i].val ? strlen(elts[i].val) : 0;
 
         if (vallen >> 7 == 0) {
             if (buflen < 1) {
@@ -262,8 +262,11 @@ AP_DECLARE(apr_status_t) ap_fcgi_encode_
             rv = APR_ENOSPC; /* overflow */
             break;
         }
-        memcpy(itr, elts[i].val, vallen);
-        itr += vallen;
+
+        if (elts[i].val) {
+            memcpy(itr, elts[i].val, vallen);
+            itr += vallen;
+        }
 
         if (buflen == vallen) {
             (*starting_elem)++;