Posted to cvs@httpd.apache.org by sf...@apache.org on 2012/07/03 21:53:10 UTC
svn commit: r1356894 - in /httpd/httpd/branches/2.2.x: ./ CHANGES STATUS server/util_script.c
Author: sf
Date: Tue Jul 3 19:53:09 2012
New Revision: 1356894
URL: http://svn.apache.org/viewvc?rev=1356894&view=rev
Log:
Merge r1244211:
Make sure the getsfunc_*() functions used by ap_scan_script_header_err*()
NUL-terminate the resulting string, even in case of an error. mod_cgi and
mod_cgid try to log incomplete output from CGI scripts.
Reviewed by: sf, covener, wrowe
Modified:
httpd/httpd/branches/2.2.x/ (props changed)
httpd/httpd/branches/2.2.x/CHANGES
httpd/httpd/branches/2.2.x/STATUS
httpd/httpd/branches/2.2.x/server/util_script.c
Propchange: httpd/httpd/branches/2.2.x/
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk:r1244211
Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=1356894&r1=1356893&r2=1356894&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Tue Jul 3 19:53:09 2012
@@ -5,6 +5,9 @@ Changes with Apache 2.2.23
envvars: Fix insecure handling of LD_LIBRARY_PATH that could lead to the
current working directory to be searched for DSOs. [Stefan Fritsch]
+ *) core: Adjust ap_scan_script_header_err*() to prevent mod_cgi and mod_cgid
+ from logging bogus data in case of errors. [Stefan Fritsch]
+
*) mod_disk_cache, mod_mem_cache: Decline the opportunity to cache if the
response is a 206 Partial Content. This stops a reverse proxied partial
response from becoming cached, and then being served in subsequent
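Review bot: The new CHANGES entry names only the symptom (bogus data in the log) and not the cause given in the commit log, that the getsfunc_*() helpers left the buffer unterminated on error. Adding "NUL-terminate the returned string in the error case" to the entry would let readers map it to the util_script.c change.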
Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=1356894&r1=1356893&r2=1356894&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Tue Jul 3 19:53:09 2012
@@ -93,16 +93,6 @@ RELEASE SHOWSTOPPERS:
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * core: NUL-terminate string returned by ap_scan_script_header_err*()
- in error case.
- Trunk patch:
- http://svn.apache.org/viewvc?rev=1244211&view=rev
- 2.4.x patch:
- http://svn.apache.org/viewvc?rev=1244213&view=rev
- 2.2.x patch:
- Trunk version works
- +1: sf, covener, wrowe
-
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
Modified: httpd/httpd/branches/2.2.x/server/util_script.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/server/util_script.c?rev=1356894&r1=1356893&r2=1356894&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/server/util_script.c (original)
+++ httpd/httpd/branches/2.2.x/server/util_script.c Tue Jul 3 19:53:09 2012
@@ -636,6 +636,7 @@ static int getsfunc_BRIGADE(char *buf, i
rv = apr_bucket_read(e, &bucket_data, &bucket_data_len,
APR_BLOCK_READ);
if (rv != APR_SUCCESS || (bucket_data_len == 0)) {
+ *dst = '\0';
return APR_STATUS_IS_TIMEUP(rv) ? -1 : 0;
}
src = bucket_data;
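Review bot: The added *dst = '\0'; in the failed-read branch depends on dst still pointing inside buf with one byte to spare, and nothing visible in this hunk shows the bound that guarantees it. A one-line comment naming that invariant next to the write would make it easier to audit. It is also worth documenting for callers that on this path the function returns 0 or -1 while buf holds any data already copied, now terminated, since per the commit log mod_cgi and mod_cgid go on to log that buffer.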
@@ -681,8 +682,10 @@ static int getsfunc_STRING(char *w, int
const char *p;
int t;
- if (!strs->curpos || !*strs->curpos)
+ if (!strs->curpos || !*strs->curpos) {
+ w[0] = '\0';
return 0;
+ }
p = ap_strchr_c(strs->curpos, '\n');
if (p)
++p;
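Review bot: w[0] = '\0'; in the early-return branch writes one byte without consulting the int argument that follows w in the signature, so it assumes the caller never passes a zero-length buffer. Either guard the write on that length or state the minimum buffer size in a comment above getsfunc_STRING.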