* Initialize last_char as otherwise a random value will be compared

author Ruediger Pluem <rpluem@apache.org>

Fri, 14 Apr 2006 12:17:54 +0000 (12:17 +0000)

committer Ruediger Pluem <rpluem@apache.org>

Fri, 14 Apr 2006 12:17:54 +0000 (12:17 +0000)
author Ruediger Pluem <rpluem@apache.org>
Fri, 14 Apr 2006 12:17:54 +0000 (12:17 +0000)
committer Ruediger Pluem <rpluem@apache.org>
Fri, 14 Apr 2006 12:17:54 +0000 (12:17 +0000)
diff --git a/CHANGES b/CHANGES

index 700544e942768b98083bc21febbd11addc97797c..ddaed69d49535e283504190c975ef0f1bf92b9e4 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,9 @@
  Changes with Apache 2.3.0
    [Remove entries to the current 2.0 and 2.2 section below, when backported]
  
+  *) core: Prevent reading uninitialized memory while reading a line of
+     protocol input.  PR 39282. [Davi Arnaut <davi haxent.com.br>]
+
    *) htdbm: Fix crash processing -d option in 64-bit mode on HP-UX.
       [Jeff Trawick]
  
diff --git a/server/protocol.c b/server/protocol.c

index 9f792ecce2458195be0aace9e1c67b73a62ba5b7..74cfb9cf6338b4b31d6de850cb5525db720cfc5d 100644 (file)
--- a/server/protocol.c
+++ b/server/protocol.c
@@ -217,6 +217,14 @@ AP_DECLARE(apr_status_t) ap_rgetline_core(char **s, apr_size_t n,
      char *pos, *last_char = *s;
      int do_alloc = (*s == NULL), saw_eos = 0;
  
+    /*
+     * Initialize last_char as otherwise a random value will be compared
+     * against APR_ASCII_LF at the end of the loop if bb only contains an
+     * EOS bucket.
+     */
+    if (last_char)
+        *last_char = '\0';
+
      for (;;) {
          apr_brigade_cleanup(bb);
          rv = ap_get_brigade(r->input_filters, bb, AP_MODE_GETLINE,
author	Ruediger Pluem <rpluem@apache.org>
	Fri, 14 Apr 2006 12:17:54 +0000 (12:17 +0000)
committer	Ruediger Pluem <rpluem@apache.org>
	Fri, 14 Apr 2006 12:17:54 +0000 (12:17 +0000)
CHANGES		patch \| blob \| history
server/protocol.c		patch \| blob \| history