Posted to cvs@httpd.apache.org by ma...@apache.org on 2019/09/10 19:36:38 UTC
svn commit: r1866760 - /httpd/apreq/trunk/library/parser_multipart.c
Author: max
Date: Tue Sep 10 19:36:38 2019
New Revision: 1866760
URL: http://svn.apache.org/viewvc?rev=1866760&view=rev
Log:
parser_multipart: fix NULL pointer dereference in nested multipart
create_multipart_context() can return NULL if the given Content-Type
was not recognized (if there is no "boundary" attribute). This
crashes libapreq2.
This bug was introduced by SVN commit 227276. Prior to this commit,
there was a NULL check, but the commit removed it:
http://svn.apache.org/viewvc/httpd/apreq/trunk/library/parser_multipart.c?r1=227276&r2=227275&pathrev=227276
Modified:
httpd/apreq/trunk/library/parser_multipart.c
Modified: httpd/apreq/trunk/library/parser_multipart.c
URL: http://svn.apache.org/viewvc/httpd/apreq/trunk/library/parser_multipart.c?rev=1866760&r1=1866759&r2=1866760&view=diff
==============================================================================
--- httpd/apreq/trunk/library/parser_multipart.c (original)
+++ httpd/apreq/trunk/library/parser_multipart.c Tue Sep 10 19:36:38 2019
@@ -410,6 +410,10 @@ APREQ_DECLARE_PARSER(apreq_parse_multipa
parser->brigade_limit,
parser->temp_dir,
ctx->level + 1);
+ if (next_ctx == NULL) {
+ ctx->status = MFD_ERROR;
+ goto mfd_parse_brigade;
+ }
next_ctx->param_name = "";
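Review bot: The new `if (next_ctx == NULL)` branch has no comment saying when create_multipart_context() returns NULL. The commit message gives the reason (a nested part whose Content-Type has no "boundary" attribute), and a one-line comment above the check stating that would make it less likely to be removed again, as happened in commit 227276. The branch also relies on the mfd_parse_brigade label treating ctx->status == MFD_ERROR as a terminal error instead of resuming parsing; that code is outside this hunk and should be confirmed. A regression test that feeds a nested multipart part without a boundary attribute would lock the fix in.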