From: Graham Leggett <minfrin@apache.org>
Date: Sun, 12 May 2013 10:26:22 +0000 (+0000)
Subject: mod_dav: Do not segfault on PROPFIND with a zero length DBM. PR 52559
X-Git-Tag: 2.4.5~291
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c02d9c3fecfc407a56ad08e6aed2b626608e4b6b;p=apache

mod_dav: Do not segfault on PROPFIND with a zero length DBM. PR 52559

trunk patch: http://svn.apache.org/r1476645
Submitted by: Diego Santa Cruz <diego.santaCruz spinetix.com>
Reviewed by: minfrin, covener, sf


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1481513 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 34cb3ed2fd..c63b7f13f5 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,9 @@
 
 Changes with Apache 2.4.5
 
+  *) mod_dav: Do not segfault on PROPFIND with a zero length DBM.
+     PR 52559 [Diego Santa Cruz <diego.santaCruz spinetix.com>]
+
   *) core: Improve error message where client's request-line exceeds
      LimitRequestLine. PR 54384 [Christophe Jaillet]
 
diff --git a/STATUS b/STATUS
index b98600185c..b4233a948a 100644
--- a/STATUS
+++ b/STATUS
@@ -90,11 +90,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-    * mod_dav: Do not segfault on PROPFIND with a zero length DBM. PR 52559
-      trunk patch: http://svn.apache.org/r1476645
-      2.4.x patch: trunk patch works (minus CHANGES)
-      +1: minfrin, covener, sf
-
     * event MPM: Provide error handling for ThreadStackSize. PR 54311
       trunk patch: http://svn.apache.org/r1433682
       2.4.x patch: http://people.apache.org/~minfrin/httpd-event-ThreadStackSize-error.patch
diff --git a/modules/dav/main/props.c b/modules/dav/main/props.c
index d87dd61131..e5eaef165a 100644
--- a/modules/dav/main/props.c
+++ b/modules/dav/main/props.c
@@ -594,13 +594,14 @@ DAV_DECLARE(dav_get_props_result) dav_get_allprops(dav_propdb *propdb,
         if (propdb->db != NULL) {
             dav_xmlns_info *xi = dav_xmlns_create(propdb->p);
             dav_prop_name name;
+            dav_error *err;
 
             /* define (up front) any namespaces the db might need */
             (void) (*db_hooks->define_namespaces)(propdb->db, xi);
 
             /* get the first property name, beginning the scan */
-            (void) (*db_hooks->first_name)(propdb->db, &name);
-            while (name.ns != NULL) {
+            err = (*db_hooks->first_name)(propdb->db, &name);
+            while (!err && name.ns) {
 
                 /*
                 ** We also look for <DAV:getcontenttype> and
@@ -619,7 +620,6 @@ DAV_DECLARE(dav_get_props_result) dav_get_allprops(dav_propdb *propdb,
                 }
 
                 if (what == DAV_PROP_INSERT_VALUE) {
-                    dav_error *err;
                     int found;
 
                     if ((err = (*db_hooks->output_value)(propdb->db, &name,
@@ -638,7 +638,7 @@ DAV_DECLARE(dav_get_props_result) dav_get_allprops(dav_propdb *propdb,
                 }
 
               next_key:
-                (void) (*db_hooks->next_name)(propdb->db, &name);
+                err = (*db_hooks->next_name)(propdb->db, &name);
             }
 
             /* all namespaces have been entered into xi. generate them into