fix crash in util_fcgi.c
*) mod_proxy_fcgi, mod_fcgid: Fix crashes in ap_fcgi_encoded_env_len() when
modules add empty environment variables to the request. PR60275.
[<alex2grad AT gmail.com>]
Submitted By: <alex2grad AT gmail.com>]
Committed By: covener
Submitted by: covener
Reviewed by: covener, jim, wrowe
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1778050 13f79535-47bb-0310-9956-
ffa450edef68
Changes with Apache 2.4.26
+ *) mod_proxy_fcgi, mod_fcgid: Fix crashes in ap_fcgi_encoded_env_len() when
+ modules add empty environment variables to the request. PR60275.
+ [<alex2grad AT gmail.com>]
+
*) mod_http2: fix for possible page fault when stream is resumed during
session shutdown. [sidney-j-r-m (github)]
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- *) util_fcgi: Fix crash with empty-valued envvars. PR60275
- trunk patch: http://svn.apache.org/r1775487.
- 2.4.x patch: trunk works
- +1 covener, jim, wrowe
-
*) mod_auth_digest: Reduce severity from NOTICE to DEBUG this
once-per-restart msg (I guess the concern was that the RNG
could block after this message)
envlen += keylen;
- vallen = strlen(elts[i].val);
+ vallen = elts[i].val ? strlen(elts[i].val) : 0;
if (vallen >> 7 == 0) {
envlen += 1;
buflen -= 4;
}
- vallen = strlen(elts[i].val);
+ vallen = elts[i].val ? strlen(elts[i].val) : 0;
if (vallen >> 7 == 0) {
if (buflen < 1) {
rv = APR_ENOSPC; /* overflow */
break;
}
- memcpy(itr, elts[i].val, vallen);
- itr += vallen;
+
+ if (elts[i].val) {
+ memcpy(itr, elts[i].val, vallen);
+ itr += vallen;
+ }
if (buflen == vallen) {
(*starting_elem)++;
projects / apache / commitdiff