fix a potential NULL dereference spotted by gcc 8.1.0

 *) mod_ssl: fix a potential NULL dereference spotted by gcc 8.1.0
    mod_http2: silence gcc strncpy warnings which break compilation in
               maintainer mode with gcc 8.1.0
    trunk patch: http://svn.apache.org/r1831231
                 http://svn.apache.org/r1831591
                 http://svn.apache.org/r1832934
                 http://svn.apache.org/r1832937
    2.4.x patch: svn merge -c 1831231,1831591,1832934,1832937 ^/httpd/httpd/trunk .
    +1: ylavic, icing, jailletc36 (by inspection)

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1833564 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/STATUS b/STATUS
index e33ff9f513f72ff5c37ea701e8616e5b78e1791d..329f964ba403cb4945fd9ee9a7bf6d8ffc0333a3 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -137,17 +137,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-  *) mod_ssl: fix a potential NULL dereference spotted by gcc 8.1.0
-     mod_http2: silence gcc strncpy warnings which break compilation in
-                maintainer mode with gcc 8.1.0
-     trunk patch: http://svn.apache.org/r1831231
-                  http://svn.apache.org/r1831591
-                  http://svn.apache.org/r1832934
-                  http://svn.apache.org/r1832937
-     2.4.x patch: svn merge -c 1831231,1831591,1832934,1832937 ^/httpd/httpd/trunk .
-     +1: ylavic, icing, jailletc36 (by inspection)
-
-
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]
 

diff --git a/modules/http2/h2_proxy_util.c b/modules/http2/h2_proxy_util.c
index 700c9151278ffaad6110ec71884215838af696d2..bd45294e1aba59449638b7c0a9eb6e3bf7aecfcb 100644 (file)
--- a/modules/http2/h2_proxy_util.c
+++ b/modules/http2/h2_proxy_util.c
@@ -916,8 +916,8 @@ static size_t subst_str(link_ctx *ctx, int start, int end, const char *ns)
     delta = nlen - olen;
     plen = ctx->slen + delta + 1;
     p = apr_pcalloc(ctx->pool, plen);
-    strncpy(p, ctx->s, start);
-    strncpy(p + start, ns, nlen);
+    memcpy(p, ctx->s, start);
+    memcpy(p + start, ns, nlen);
     strcpy(p + start + nlen, ctx->s + end);
     ctx->s = p;
     ctx->slen = (int)strlen(p);
@@ -943,7 +943,7 @@ static void map_link(link_ctx *ctx)
             /* common to use relative uris in link header, for mappings
              * to work need to prefix the backend server uri */
             need_len += ctx->psu_len;
-            strncpy(buffer, ctx->p_server_uri, sizeof(buffer));
+            apr_cpystrn(buffer, ctx->p_server_uri, sizeof(buffer));
             buffer_len = ctx->psu_len;
         }
         if (need_len > sizeof(buffer)) {
@@ -951,9 +951,7 @@ static void map_link(link_ctx *ctx)
                           "link_reverse_map uri too long, skipped: %s", ctx->s);
             return;
         }
-        strncpy(buffer + buffer_len, ctx->s + ctx->link_start, link_len);
-        buffer_len += link_len;
-        buffer[buffer_len] = '\0';
+        apr_cpystrn(buffer + buffer_len, ctx->s + ctx->link_start, link_len + 1);
         if (!prepend_p_server
             && strcmp(ctx->real_backend_uri, ctx->p_server_uri)
             && !strncmp(buffer, ctx->real_backend_uri, ctx->rbu_len)) {
@@ -961,8 +959,8 @@ static void map_link(link_ctx *ctx)
              * to work, we need to use the proxy uri */
             int path_start = ctx->link_start + ctx->rbu_len;
             link_len -= ctx->rbu_len;
-            strcpy(buffer, ctx->p_server_uri);
-            strncpy(buffer + ctx->psu_len, ctx->s + path_start, link_len);
+            memcpy(buffer, ctx->p_server_uri, ctx->psu_len);
+            memcpy(buffer + ctx->psu_len, ctx->s + path_start, link_len);
             buffer_len = ctx->psu_len + link_len;
             buffer[buffer_len] = '\0';            
         }

diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index bdcad75c838373765fb6c4df5b3955c428f2791a..b1591edc5fe4b2ff4d73f844def7d986b7733e65 100644 (file)
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -2392,7 +2392,7 @@ int ssl_callback_alpn_select(SSL *ssl,
                              void *arg)
 {
     conn_rec *c = (conn_rec*)SSL_get_app_data(ssl);
-    SSLConnRec *sslconn = myConnConfig(c);
+    SSLConnRec *sslconn;
     apr_array_header_t *client_protos;
     const char *proposed;
     size_t len;
@@ -2403,6 +2403,7 @@ int ssl_callback_alpn_select(SSL *ssl,
     if (c == NULL) {
         return SSL_TLSEXT_ERR_OK;
     }
+    sslconn = myConnConfig(c);
 
     if (inlen == 0) {
         /* someone tries to trick us? */