From: Sascha Schumann <sas@php.net>
Date: Fri, 26 Jul 2002 16:16:12 +0000 (+0000)
Subject: Fix segfault due to unchecked null pointer
X-Git-Tag: dev~152
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8fd3f14ab17c6064cdc2a789d74322c71cbf352f;p=php

Fix segfault due to unchecked null pointer
---

diff --git a/sapi/thttpd/thttpd_patch b/sapi/thttpd/thttpd_patch
index b47dc3ad70..13e80c4b73 100644
--- a/sapi/thttpd/thttpd_patch
+++ b/sapi/thttpd/thttpd_patch
@@ -1,6 +1,6 @@
-diff -u thttpd-2.21b/Makefile.in thttpd-2.21b-cool/Makefile.in
+diff -Nur thttpd-2.21b/Makefile.in thttpd-2.21b-cool/Makefile.in
 --- thttpd-2.21b/Makefile.in	Thu Mar 29 20:36:21 2001
-+++ thttpd-2.21b-cool/Makefile.in	Sun Jul 14 13:54:27 2002
++++ thttpd-2.21b-cool/Makefile.in	Fri Jul 26 18:12:50 2002
 @@ -46,13 +46,15 @@
  
  # You shouldn't need to edit anything below here.
@@ -38,9 +38,9 @@ diff -u thttpd-2.21b/Makefile.in thttpd-2.21b-cool/Makefile.in
  
  tar:
  	@name=`sed -n -e '/SERVER_SOFTWARE/!d' -e 's,.*thttpd/,thttpd-,' -e 's, .*,,p' version.h` ; \
-diff -u thttpd-2.21b/config.h thttpd-2.21b-cool/config.h
+diff -Nur thttpd-2.21b/config.h thttpd-2.21b-cool/config.h
 --- thttpd-2.21b/config.h	Mon Apr  9 23:57:36 2001
-+++ thttpd-2.21b-cool/config.h	Sun Jul 14 15:58:48 2002
++++ thttpd-2.21b-cool/config.h	Fri Jul 26 18:12:50 2002
 @@ -82,6 +82,11 @@
  */
  #define IDLE_READ_TIMELIMIT 60
@@ -62,9 +62,9 @@ diff -u thttpd-2.21b/config.h thttpd-2.21b-cool/config.h
  
  /* CONFIGURE: If this is defined then thttpd will automatically generate
  ** index pages for directories that don't have an explicit index file.
-diff -u thttpd-2.21b/fdwatch.c thttpd-2.21b-cool/fdwatch.c
+diff -Nur thttpd-2.21b/fdwatch.c thttpd-2.21b-cool/fdwatch.c
 --- thttpd-2.21b/fdwatch.c	Fri Apr 13 07:36:08 2001
-+++ thttpd-2.21b-cool/fdwatch.c	Sun Jul 14 13:54:27 2002
++++ thttpd-2.21b-cool/fdwatch.c	Fri Jul 26 18:12:50 2002
 @@ -460,7 +460,7 @@
  
      ridx = 0;
@@ -85,9 +85,9 @@ diff -u thttpd-2.21b/fdwatch.c thttpd-2.21b-cool/fdwatch.c
  	default: return 0;
  	}
      }
-diff -u thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
+diff -Nur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
 --- thttpd-2.21b/libhttpd.c	Tue Apr 24 00:42:40 2001
-+++ thttpd-2.21b-cool/libhttpd.c	Sun Jul 14 19:37:05 2002
++++ thttpd-2.21b-cool/libhttpd.c	Fri Jul 26 18:12:50 2002
 @@ -85,6 +85,8 @@
  #include "match.h"
  #include "tdate_parse.h"
@@ -440,9 +440,9 @@ diff -u thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
  	    hc->sb.st_mtime );
  	}
  
-diff -u thttpd-2.21b/libhttpd.h thttpd-2.21b-cool/libhttpd.h
+diff -Nur thttpd-2.21b/libhttpd.h thttpd-2.21b-cool/libhttpd.h
 --- thttpd-2.21b/libhttpd.h	Tue Apr 24 00:36:50 2001
-+++ thttpd-2.21b-cool/libhttpd.h	Sun Jul 14 19:37:17 2002
++++ thttpd-2.21b-cool/libhttpd.h	Fri Jul 26 18:12:50 2002
 @@ -69,6 +69,7 @@
      char* server_hostname;
      int port;
@@ -469,9 +469,9 @@ diff -u thttpd-2.21b/libhttpd.h thttpd-2.21b-cool/libhttpd.h
  
  /* Call this to de-initialize a connection struct and *really* free the
  ** mallocced strings.
-diff -u thttpd-2.21b/mime_encodings.txt thttpd-2.21b-cool/mime_encodings.txt
+diff -Nur thttpd-2.21b/mime_encodings.txt thttpd-2.21b-cool/mime_encodings.txt
 --- thttpd-2.21b/mime_encodings.txt	Wed May 10 03:22:28 2000
-+++ thttpd-2.21b-cool/mime_encodings.txt	Sun Jul 14 13:54:27 2002
++++ thttpd-2.21b-cool/mime_encodings.txt	Fri Jul 26 18:12:50 2002
 @@ -3,6 +3,6 @@
  # A list of file extensions followed by the corresponding MIME encoding.
  # Extensions not found in the table proceed to the mime_types table.
@@ -481,9 +481,9 @@ diff -u thttpd-2.21b/mime_encodings.txt thttpd-2.21b-cool/mime_encodings.txt
 +Z	compress
 +gz	gzip
  uu	x-uuencode
-diff -u thttpd-2.21b/mime_types.txt thttpd-2.21b-cool/mime_types.txt
+diff -Nur thttpd-2.21b/mime_types.txt thttpd-2.21b-cool/mime_types.txt
 --- thttpd-2.21b/mime_types.txt	Sat Apr 14 04:53:30 2001
-+++ thttpd-2.21b-cool/mime_types.txt	Sun Jul 14 14:05:09 2002
++++ thttpd-2.21b-cool/mime_types.txt	Fri Jul 26 18:12:50 2002
 @@ -1,135 +1,138 @@
 -# mime_types.txt
 -#
@@ -732,9 +732,9 @@ diff -u thttpd-2.21b/mime_types.txt thttpd-2.21b-cool/mime_types.txt
 +avi	video/x-msvideo
 +movie	video/x-sgi-movie
 +ice	x-conference/x-cooltalk
-diff -u thttpd-2.21b/thttpd.c thttpd-2.21b-cool/thttpd.c
+diff -Nur thttpd-2.21b/thttpd.c thttpd-2.21b-cool/thttpd.c
 --- thttpd-2.21b/thttpd.c	Tue Apr 24 00:41:57 2001
-+++ thttpd-2.21b-cool/thttpd.c	Sun Jul 14 19:41:05 2002
++++ thttpd-2.21b-cool/thttpd.c	Fri Jul 26 18:14:25 2002
 @@ -95,6 +95,7 @@
      httpd_conn* hc;
      int tnums[MAXTHROTTLENUMS];         /* throttle indexes */
@@ -839,7 +839,7 @@ diff -u thttpd-2.21b/thttpd.c thttpd-2.21b-cool/thttpd.c
  
  	/* Set the connection file descriptor to no-delay mode. */
  	httpd_set_ndelay( c->hc->conn_fd );
-@@ -1297,12 +1313,38 @@
+@@ -1297,12 +1313,40 @@
  	}
      }
  
@@ -853,8 +853,10 @@ diff -u thttpd-2.21b/thttpd.c thttpd-2.21b-cool/thttpd.c
 +    c->started_at = tvP->tv_sec;
 +    c->wouldblock_delay = 0;
 +    client_data.p = c;
-+    tmr_cancel( c->idle_read_timer );
-+    c->idle_read_timer = (Timer*) 0;
++    if (c->idle_read_timer != 0) {
++		tmr_cancel( c->idle_read_timer );
++	    c->idle_read_timer = (Timer*) 0;
++	}
 +    c->idle_send_timer = tmr_create(
 +	tvP, idle_send_connection, client_data, IDLE_SEND_TIMELIMIT * 1000L,
 +	0 );
@@ -879,7 +881,7 @@ diff -u thttpd-2.21b/thttpd.c thttpd-2.21b-cool/thttpd.c
      httpd_conn* hc = c->hc;
  
      /* Is there room in our buffer to read more bytes? */
-@@ -1311,7 +1353,7 @@
+@@ -1311,7 +1355,7 @@
  	if ( hc->read_size > 5000 )
  	    {
  	    httpd_send_err( hc, 400, httpd_err400title, "", httpd_err400form, "" );
@@ -888,7 +890,7 @@ diff -u thttpd-2.21b/thttpd.c thttpd-2.21b-cool/thttpd.c
  	    return;
  	    }
  	httpd_realloc_str(
-@@ -1327,29 +1369,69 @@
+@@ -1327,29 +1371,69 @@
      ** EWOULDBLOCK; however, this apparently can happen if a packet gets
      ** garbled.
      */
@@ -966,7 +968,7 @@ diff -u thttpd-2.21b/thttpd.c thttpd-2.21b-cool/thttpd.c
  	return;
  	}
  
-@@ -1358,7 +1440,7 @@
+@@ -1358,7 +1442,7 @@
  	{
  	httpd_send_err(
  	    hc, 503, httpd_err503title, "", httpd_err503form, hc->encodedurl );
@@ -975,7 +977,7 @@ diff -u thttpd-2.21b/thttpd.c thttpd-2.21b-cool/thttpd.c
  	return;
  	}
  
-@@ -1366,7 +1448,7 @@
+@@ -1366,7 +1450,7 @@
      if ( httpd_start_request( hc, tvP ) < 0 )
  	{
  	/* Something went wrong.  Close down the connection. */
@@ -984,7 +986,7 @@ diff -u thttpd-2.21b/thttpd.c thttpd-2.21b-cool/thttpd.c
  	return;
  	}
  
-@@ -1384,37 +1466,26 @@
+@@ -1384,37 +1468,26 @@
  	{
  	/* No file address means someone else is handling it. */
  	c->bytes_sent = hc->bytes_sent;
@@ -1031,7 +1033,7 @@ diff -u thttpd-2.21b/thttpd.c thttpd-2.21b-cool/thttpd.c
  static void
  handle_send( connecttab* c, struct timeval* tvP )
      {
-@@ -1443,6 +1514,9 @@
+@@ -1443,6 +1516,9 @@
  	iv[1].iov_base = &(hc->file_address[c->bytes_sent]);
  	iv[1].iov_len = MIN( c->bytes_to_send - c->bytes_sent, c->limit );
  	sz = writev( hc->conn_fd, iv, 2 );
@@ -1041,7 +1043,7 @@ diff -u thttpd-2.21b/thttpd.c thttpd-2.21b-cool/thttpd.c
  	}
  
      if ( sz == 0 ||
-@@ -1486,7 +1560,7 @@
+@@ -1486,7 +1562,7 @@
  	*/
  	if ( errno != EPIPE && errno != EINVAL && errno != ECONNRESET )
  	    syslog( LOG_ERR, "write - %m sending %.80s", hc->encodedurl );
@@ -1050,7 +1052,7 @@ diff -u thttpd-2.21b/thttpd.c thttpd-2.21b-cool/thttpd.c
  	return;
  	}
  
-@@ -1500,7 +1574,7 @@
+@@ -1500,7 +1576,7 @@
  	    {
  	    /* Yes; move the unwritten part to the front of the buffer. */
  	    int newlen = hc->responselen - sz;
@@ -1059,7 +1061,7 @@ diff -u thttpd-2.21b/thttpd.c thttpd-2.21b-cool/thttpd.c
  	    hc->responselen = newlen;
  	    sz = 0;
  	    }
-@@ -1519,7 +1593,7 @@
+@@ -1519,7 +1595,7 @@
      if ( c->bytes_sent >= c->bytes_to_send )
  	{
  	/* This conection is finished! */
@@ -1068,7 +1070,7 @@ diff -u thttpd-2.21b/thttpd.c thttpd-2.21b-cool/thttpd.c
  	return;
  	}
  
-@@ -1560,6 +1634,9 @@
+@@ -1560,6 +1636,9 @@
      char buf[1024];
      int r;
  
@@ -1078,7 +1080,7 @@ diff -u thttpd-2.21b/thttpd.c thttpd-2.21b-cool/thttpd.c
      /* In lingering-close mode we just read and ignore bytes.  An error
      ** or EOF ends things, otherwise we go until a timeout.
      */
-@@ -1569,6 +1646,37 @@
+@@ -1569,6 +1648,37 @@
      }
  
  
@@ -1116,7 +1118,7 @@ diff -u thttpd-2.21b/thttpd.c thttpd-2.21b-cool/thttpd.c
  static int
  check_throttles( connecttab* c )
      {
-@@ -1635,12 +1743,17 @@
+@@ -1635,12 +1745,17 @@
  
  
  static void
@@ -1136,7 +1138,7 @@ diff -u thttpd-2.21b/thttpd.c thttpd-2.21b-cool/thttpd.c
  
      if ( c->idle_read_timer != (Timer*) 0 )
  	{
-@@ -1669,13 +1782,45 @@
+@@ -1669,13 +1784,45 @@
      ** circumstances that make a lingering close necessary.  If the flag
      ** isn't set we do the real close now.
      */
@@ -1184,7 +1186,7 @@ diff -u thttpd-2.21b/thttpd.c thttpd-2.21b-cool/thttpd.c
  	client_data.p = c;
  	c->linger_timer = tmr_create(
  	    tvP, linger_clear_connection, client_data, LINGER_TIME * 1000L, 0 );
-@@ -1684,9 +1829,19 @@
+@@ -1684,9 +1831,19 @@
  	    syslog( LOG_CRIT, "tmr_create(linger_clear_connection) failed" );
  	    exit( 1 );
  	    }
@@ -1205,7 +1207,7 @@ diff -u thttpd-2.21b/thttpd.c thttpd-2.21b-cool/thttpd.c
      }
  
  
-@@ -1716,11 +1871,13 @@
+@@ -1716,11 +1873,13 @@
      c->idle_read_timer = (Timer*) 0;
      if ( c->conn_state != CNST_FREE )
  	{
@@ -1224,7 +1226,7 @@ diff -u thttpd-2.21b/thttpd.c thttpd-2.21b-cool/thttpd.c
  	}
      }
  
-@@ -1737,7 +1894,7 @@
+@@ -1737,7 +1896,7 @@
  	syslog( LOG_INFO,
  	    "%.80s connection timed out sending",
  	    httpd_ntoa( &c->hc->client_addr ) );