You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ni...@apache.org on 2006/04/21 20:43:37 UTC
svn commit: r395985 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS
server/protocol.c
Author: niq
Date: Fri Apr 21 11:43:36 2006
New Revision: 395985
URL: http://svn.apache.org/viewcvs?rev=395985&view=rev
Log:
Backport fix to PR#39282
Modified:
httpd/httpd/branches/2.2.x/CHANGES
httpd/httpd/branches/2.2.x/STATUS
httpd/httpd/branches/2.2.x/server/protocol.c
Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/CHANGES?rev=395985&r1=395984&r2=395985&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Fri Apr 21 11:43:36 2006
@@ -1,6 +1,9 @@
-*- coding: utf-8 -*-
Changes with Apache 2.2.2
+ *) core: Prevent reading uninitialized memory while reading a line of
+ protocol input. PR 39282. [Davi Arnaut <davi haxent.com.br>]
+
*) mod_dbd: Update defaults, improve error reporting.
[Chris Darroch <chrisd pearsoncmg com>, Nick Kew]
Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/STATUS?rev=395985&r1=395984&r2=395985&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Fri Apr 21 11:43:36 2006
@@ -107,23 +107,6 @@
Trunk version works
+1: rpluem, jim, wrowe
- * core: Prevent read of unitialized memory in ap_rgetline_core. PR 39282.
- Trunk version of patch:
- http://svn.apache.org/viewcvs?rev=394070&view=rev
- 2.2.x version of patch:
- Trunk version works
- +1: rpluem, trawick (with rev 295381), pquerna (with rev 295381)
- niq: the new comment isn't accurate; it applies to any brigade
- containing only (one or more) zero-length buckets. The existing
- comment misled my review! Fix the comment and you have my +1
- for the fix.
- jim: agrees with niq.
- rpluem: Does http://svn.apache.org/viewcvs?rev=395381&view=rev address
- the concerns (BTW: Same text as colm used in the backport to 2.0.x
- (r395197))?
- jim, does your agreement with niq also include his +1 in the case
- the comment is fixed?
-
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
* Backport mod_authz_dbd (it's had some testing now)
Modified: httpd/httpd/branches/2.2.x/server/protocol.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/server/protocol.c?rev=395985&r1=395984&r2=395985&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/server/protocol.c (original)
+++ httpd/httpd/branches/2.2.x/server/protocol.c Fri Apr 21 11:43:36 2006
@@ -217,6 +217,15 @@
char *pos, *last_char = *s;
int do_alloc = (*s == NULL), saw_eos = 0;
+ /*
+ * Initialize last_char as otherwise a random value will be compared
+ * against APR_ASCII_LF at the end of the loop if bb only contains
+ * zero-length buckets.
+ */
+ if (last_char) {
+ *last_char = '\0';
+ }
+
for (;;) {
apr_brigade_cleanup(bb);
rv = ap_get_brigade(r->input_filters, bb, AP_MODE_GETLINE,