From: Eric Covener Date: Wed, 21 Dec 2016 16:19:26 +0000 (+0000) Subject: fix crash in util_fcgi.c X-Git-Tag: 2.5.0-alpha~885 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b9822a70a1d1b46a12084ea0eccac876c628ea84;p=apache fix crash in util_fcgi.c *) mod_proxy_fcgi, mod_fcgid: Fix crashes in ap_fcgi_encoded_env_len() when modules add empty environment variables to the request. PR60275. [] Submitted By: ] Committed By: covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1775487 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/CHANGES b/CHANGES
index dd9d3da2be..493eef64a1 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,10 @@
 -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
+ *) mod_proxy_fcgi, mod_fcgid: Fix crashes in ap_fcgi_encoded_env_len() when
+ modules add empty environment variables to the request. PR60275.
+ []
+
 *) mod_rewrite: Limit runaway memory use by short circuiting some kinds of looping RewriteRules when the local path significantly exceeds LimitRequestLine. PR 60478. [Jeff Wheelhouse ]
diff --git a/server/util_fcgi.c b/server/util_fcgi.c
index a241e965f6..7fb2c8c1c2 100644
--- a/server/util_fcgi.c
+++ b/server/util_fcgi.c
@@ -153,7 +153,7 @@ AP_DECLARE(apr_size_t) ap_fcgi_encoded_env_len(apr_table_t *env,
 envlen += keylen;
- vallen = strlen(elts[i].val);
+ vallen = elts[i].val ? strlen(elts[i].val) : 0;
 if (vallen >> 7 == 0) {
 envlen += 1;
@@ -226,7 +226,7 @@ AP_DECLARE(apr_status_t) ap_fcgi_encode_env(request_rec *r,
 buflen -= 4;
 }
- vallen = strlen(elts[i].val);
+ vallen = elts[i].val ? strlen(elts[i].val) : 0;
 if (vallen >> 7 == 0) {
 if (buflen < 1) {
@@ -262,8 +262,11 @@ AP_DECLARE(apr_status_t) ap_fcgi_encode_env(request_rec *r,
 rv = APR_ENOSPC; /* overflow */
 break;
 }
- memcpy(itr, elts[i].val, vallen);
- itr += vallen;
+
+ if (elts[i].val) {
+ memcpy(itr, elts[i].val, vallen);
+ itr += vallen;
+ }
 if (buflen == vallen) {
 (*starting_elem)++;
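Review bot: The NULL-to-zero-length rule in `vallen = elts[i].val ? strlen(elts[i].val) : 0;` is written out separately here and again in the `@@ -226` hunk of ap_fcgi_encode_env(), with nothing tying the two sites together. The length pass and the encode pass have to size every value identically, otherwise a buffer sized from this function's result (presumably what callers do) no longer matches what the encoder writes. I would add a comment at both sites such as `/* NULL value is encoded as a zero-length string; must match ap_fcgi_encode_env() */`, or move the expression into one small static helper used by both. `keylen` is computed outside this hunk, so whether a NULL key needs the same treatment cannot be judged from here.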
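Review bot: The new `if (elts[i].val)` guard around `memcpy(itr, elts[i].val, vallen)` in the `@@ -262` hunk carries no comment, and its purpose is easy to miss because `vallen` is already 0 for a NULL value. Passing a null source pointer to memcpy is undefined behaviour even for a zero length, so the guard is needed and should not be simplified away later. A one-line comment such as `/* val may be NULL (vallen == 0); memcpy from NULL is undefined even for 0 bytes */` would record that. The surrounding loop body starts and ends outside the hunk.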