From: Stefan Fritsch Date: Mon, 7 Nov 2011 21:47:39 +0000 (+0000) Subject: More checks of ap_pregsub return values X-Git-Tag: 2.3.15~38 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=1356548ce073ccb5111ed6d17344161cff1b6824;p=apache More checks of ap_pregsub return values git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1198959 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/modules/metadata/mod_usertrack.c b/modules/metadata/mod_usertrack.c index 45a1e85540..681aac5dad 100644 --- a/modules/metadata/mod_usertrack.c +++ b/modules/metadata/mod_usertrack.c @@ -62,6 +62,7 @@ #include "http_config.h" #include "http_core.h" #include "http_request.h" +#include "http_log.h" module AP_MODULE_DECLARE_DATA usertrack_module; @@ -219,6 +220,7 @@ static int spot_cookie(request_rec *r) if ((cookie_header = apr_table_get(r->headers_in, "Cookie"))) { if (!ap_regexec(dcfg->regexp, cookie_header, NUM_SUBS, regm, 0)) { char *cookieval = NULL; + int err = 0; /* Our regexp, * ^cookie_name=([^;]+)|;[ \t]+cookie_name=([^;]+) * only allows for $1 or $2 to be available. ($0 is always @@ -228,10 +230,19 @@ static int spot_cookie(request_rec *r) if (regm[1].rm_so != -1) { cookieval = ap_pregsub(r->pool, "$1", cookie_header, NUM_SUBS, regm); + if (cookieval == NULL) + err = 1; } if (regm[2].rm_so != -1) { cookieval = ap_pregsub(r->pool, "$2", cookie_header, NUM_SUBS, regm); + if (cookieval == NULL) + err = 1; + } + if (err) { + ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r, + "Failed to extract cookie value (out of mem?)"); + return HTTP_INTERNAL_SERVER_ERROR; } /* Set the cookie in a note, for logging */ apr_table_setn(r->notes, "cookie", cookieval);