Posted to cvs@httpd.apache.org by ni...@apache.org on 2006/04/21 20:43:37 UTC

svn commit: r395985 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS server/protocol.c

Author: niq
Date: Fri Apr 21 11:43:36 2006
New Revision: 395985

URL: http://svn.apache.org/viewcvs?rev=395985&view=rev
Log:
Backport fix to PR#39282

Modified:
    httpd/httpd/branches/2.2.x/CHANGES
    httpd/httpd/branches/2.2.x/STATUS
    httpd/httpd/branches/2.2.x/server/protocol.c

Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/CHANGES?rev=395985&r1=395984&r2=395985&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Fri Apr 21 11:43:36 2006
@@ -1,6 +1,9 @@
                                                         -*- coding: utf-8 -*-
 Changes with Apache 2.2.2
 
+  *) core: Prevent reading uninitialized memory while reading a line of
+     protocol input.  PR 39282. [Davi Arnaut <davi haxent.com.br>]
+
   *) mod_dbd: Update defaults, improve error reporting.
      [Chris Darroch <chrisd pearsoncmg com>, Nick Kew]
 

Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/STATUS?rev=395985&r1=395984&r2=395985&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Fri Apr 21 11:43:36 2006
@@ -107,23 +107,6 @@
           Trunk version works
       +1: rpluem, jim, wrowe
 
-    * core: Prevent read of unitialized memory in ap_rgetline_core. PR 39282.
-        Trunk version of patch:
-          http://svn.apache.org/viewcvs?rev=394070&view=rev
-        2.2.x version of patch:
-          Trunk version works
-      +1: rpluem, trawick (with rev 295381), pquerna (with rev 295381)
-      niq: the new comment isn't accurate; it applies to any brigade
-      containing only (one or more) zero-length buckets.  The existing
-      comment misled my review!  Fix the comment and you have my +1
-      for the fix.
-      jim: agrees with niq.
-      rpluem: Does http://svn.apache.org/viewcvs?rev=395381&view=rev address
-              the concerns (BTW: Same text as colm used in the backport to 2.0.x
-              (r395197))?
-              jim, does your agreement with niq also include his +1 in the case
-              the comment is fixed?
-
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
 
     * Backport mod_authz_dbd (it's had some testing now)
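
Review bot: the removed STATUS entry leaves no record of which trunk revisions went into this backport, and the commit log only says "Backport fix to PR#39282". The entry lists r394070 as the trunk patch, the votes mention "rev 295381", and rpluem's question points at rev=395381 for the comment fix, so the numbers do not agree with each other. Please list the merged trunk revisions in the log message so the backport can be traced once this entry is gone.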

Modified: httpd/httpd/branches/2.2.x/server/protocol.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/server/protocol.c?rev=395985&r1=395984&r2=395985&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/server/protocol.c (original)
+++ httpd/httpd/branches/2.2.x/server/protocol.c Fri Apr 21 11:43:36 2006
@@ -217,6 +217,15 @@
     char *pos, *last_char = *s;
     int do_alloc = (*s == NULL), saw_eos = 0;
 
+    /*
+     * Initialize last_char as otherwise a random value will be compared
+     * against APR_ASCII_LF at the end of the loop if bb only contains
+     * zero-length buckets.
+     */
+    if (last_char) {
+        *last_char = '\0';
+    }
+
     for (;;) {
         apr_brigade_cleanup(bb);
         rv = ap_get_brigade(r->input_filters, bb, AP_MODE_GETLINE,
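
Review bot: the `if (last_char)` guard added before the loop skips the initialization when `*s == NULL` (the `do_alloc` case), and the new comment does not say why that case is safe. If the end-of-loop comparison against APR_ASCII_LF dereferences last_char, it needs the same NULL check; please confirm that and note it in the comment. Separately, `*last_char = '\0'` writes one byte into the caller's buffer before anything in these lines checks that the buffer has room for it, so a zero-size buffer should be ruled out first. In the comment, "a random value" would be more precise as "an uninitialized value".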