Posted to dev@httpd.apache.org by Ruediger Pluem <rp...@apache.org> on 2023/04/05 06:49:10 UTC

Re: svn commit: r1908972 - /httpd/httpd/trunk/modules/generators/mod_cgid.c


On 4/4/23 11:43 PM, gbechis@apache.org wrote:
> Author: gbechis
> Date: Tue Apr  4 21:43:46 2023
> New Revision: 1908972
> 
> URL: http://svn.apache.org/viewvc?rev=1908972&view=rev
> Log:
> Fix a possible NULL pointer dereference of ap_runtime_dir_relative()
> 
> ap_runtime_dir_relative() will return NULL on failure. However cgid_init()
> does not check the return value of ap_runtime_dir_relative() and uses it
> directly.
> 
> Fix this bug by adding a NULL check.
> 
> Submitted by: Zhou Qingyang <zh...@umn.edu>
> 
> Github: closes #304
> 
> Modified:
>     httpd/httpd/trunk/modules/generators/mod_cgid.c
> 
> Modified: httpd/httpd/trunk/modules/generators/mod_cgid.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?rev=1908972&r1=1908971&r2=1908972&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/generators/mod_cgid.c (original)
> +++ httpd/httpd/trunk/modules/generators/mod_cgid.c Tue Apr  4 21:43:46 2023
> @@ -1059,6 +1059,8 @@ static int cgid_init(apr_pool_t *p, apr_
>  
>          parent_pid = getpid();
>          tmp_sockname = ap_runtime_dir_relative(p, sockname);
> +        if (!tmp_sockname)
> +            return DECLINED;

I think we should log an error before we return as in this case the cgi daemon will not start.

>          if (strlen(tmp_sockname) > sizeof(server_addr->sun_path) - 1) {
>              tmp_sockname[sizeof(server_addr->sun_path)] = '\0';
>              ap_log_error(APLOG_MARK, APLOG_ERR, 0, main_server, APLOGNO(01254)
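Review bot: The new if (!tmp_sockname) branch returns DECLINED without logging anything, so a failure of ap_runtime_dir_relative() leaves no record of why the cgid daemon never came up. Add an ap_log_error() at APLOG_ERR with its own APLOGNO() before the return, as the sun_path length branch just below does, and include sockname in the message so the failing path can be identified. It is also worth confirming that DECLINED is the intended result rather than an error status, since a decline from cgid_init() may let startup continue without the daemon. Style point: wrap the single-statement body in braces to match the adjacent if (strlen(tmp_sockname) > ...) { block.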
> 
> 
> 

Regards

Rüdiger


Re: svn commit: r1908972 - /httpd/httpd/trunk/modules/generators/mod_cgid.c

Posted by gi...@paclan.it.
On 4/5/23 08:49, Ruediger Pluem wrote:
> 
> 
> On 4/4/23 11:43 PM, gbechis@apache.org wrote:
>> Author: gbechis
>> Date: Tue Apr  4 21:43:46 2023
>> New Revision: 1908972
>>
>> URL: http://svn.apache.org/viewvc?rev=1908972&view=rev
>> Log:
>> Fix a possible NULL pointer dereference of ap_runtime_dir_relative()
>>
>> ap_runtime_dir_relative() will return NULL on failure. However cgid_init()
>> does not check the return value of ap_runtime_dir_relative() and uses it
>> directly.
>>
>> Fix this bug by adding a NULL check.
>>
>> Submitted by: Zhou Qingyang <zh...@umn.edu>
>>
>> Github: closes #304
>>
>> Modified:
>>      httpd/httpd/trunk/modules/generators/mod_cgid.c
>>
>> Modified: httpd/httpd/trunk/modules/generators/mod_cgid.c
>> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?rev=1908972&r1=1908971&r2=1908972&view=diff
>> ==============================================================================
>> --- httpd/httpd/trunk/modules/generators/mod_cgid.c (original)
>> +++ httpd/httpd/trunk/modules/generators/mod_cgid.c Tue Apr  4 21:43:46 2023
>> @@ -1059,6 +1059,8 @@ static int cgid_init(apr_pool_t *p, apr_
>>   
>>           parent_pid = getpid();
>>           tmp_sockname = ap_runtime_dir_relative(p, sockname);
>> +        if (!tmp_sockname)
>> +            return DECLINED;
> 
> I think we should log an error before we return as in this case the cgi daemon will not start.
> 
Correct, just added an ap_log_error line, thanks.

  Thanks
   Giovanni

>>           if (strlen(tmp_sockname) > sizeof(server_addr->sun_path) - 1) {
>>               tmp_sockname[sizeof(server_addr->sun_path)] = '\0';
>>               ap_log_error(APLOG_MARK, APLOG_ERR, 0, main_server, APLOGNO(01254)
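Review bot: In the context lines following the new check, the length test and the truncation index disagree by one. The branch is taken when strlen(tmp_sockname) > sizeof(server_addr->sun_path) - 1, but the terminator is written at tmp_sockname[sizeof(server_addr->sun_path)], which leaves a string of sizeof(sun_path) characters, one more than fits in sun_path together with its NUL. This is outside the two added lines, but while the function is being touched, check that the later copy into sun_path (not visible in this hunk) bounds the length, or truncate at index sizeof(server_addr->sun_path) - 1 instead.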
>>
>>
>>
> 
> Regards
> 
> Rüdiger
>