From 4d1b38642dcdf1408a84b58f0ba33504097b6d3e Mon Sep 17 00:00:00 2001 From: Ruediger Pluem Date: Fri, 14 Apr 2006 12:17:54 +0000 Subject: [PATCH] * Initialize last_char as otherwise a random value will be compared against APR_ASCII_LF at the end of the loop if bb only contains an EOS bucket. PR: 39282 Submitted by: Davi Arnaut Reviewed by: rpluem git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@394070 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 3 +++ server/protocol.c | 8 ++++++++ 2 files changed, 11 insertions(+) diff --git a/CHANGES b/CHANGES index 700544e942..ddaed69d49 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,9 @@ Changes with Apache 2.3.0 [Remove entries to the current 2.0 and 2.2 section below, when backported] + *) core: Prevent reading uninitialized memory while reading a line of + protocol input. PR 39282. [Davi Arnaut ] + *) htdbm: Fix crash processing -d option in 64-bit mode on HP-UX. [Jeff Trawick] diff --git a/server/protocol.c b/server/protocol.c index 9f792ecce2..74cfb9cf63 100644 --- a/server/protocol.c +++ b/server/protocol.c @@ -217,6 +217,14 @@ AP_DECLARE(apr_status_t) ap_rgetline_core(char **s, apr_size_t n, char *pos, *last_char = *s; int do_alloc = (*s == NULL), saw_eos = 0; + /* + * Initialize last_char as otherwise a random value will be compared + * against APR_ASCII_LF at the end of the loop if bb only contains an + * EOS bucket. + */ + if (last_char) + *last_char = '\0'; + for (;;) { apr_brigade_cleanup(bb); rv = ap_get_brigade(r->input_filters, bb, AP_MODE_GETLINE, -- 2.40.0