From eb9b13fef44ebe09fdf695ade550b6568bcd6751 Mon Sep 17 00:00:00 2001 From: Daniel Ruggeri Date: Thu, 14 Jun 2018 21:44:06 +0000 Subject: [PATCH] fix a potential NULL dereference spotted by gcc 8.1.0 *) mod_ssl: fix a potential NULL dereference spotted by gcc 8.1.0 mod_http2: silence gcc strncpy warnings which break compilation in maintainer mode with gcc 8.1.0 trunk patch: http://svn.apache.org/r1831231 http://svn.apache.org/r1831591 http://svn.apache.org/r1832934 http://svn.apache.org/r1832937 2.4.x patch: svn merge -c 1831231,1831591,1832934,1832937 ^/httpd/httpd/trunk . +1: ylavic, icing, jailletc36 (by inspection) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1833564 13f79535-47bb-0310-9956-ffa450edef68 --- STATUS | 11 ----------- modules/http2/h2_proxy_util.c | 14 ++++++-------- modules/ssl/ssl_engine_kernel.c | 3 ++- 3 files changed, 8 insertions(+), 20 deletions(-) diff --git a/STATUS b/STATUS index e33ff9f513..329f964ba4 100644 --- a/STATUS +++ b/STATUS @@ -137,17 +137,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - *) mod_ssl: fix a potential NULL dereference spotted by gcc 8.1.0 - mod_http2: silence gcc strncpy warnings which break compilation in - maintainer mode with gcc 8.1.0 - trunk patch: http://svn.apache.org/r1831231 - http://svn.apache.org/r1831591 - http://svn.apache.org/r1832934 - http://svn.apache.org/r1832937 - 2.4.x patch: svn merge -c 1831231,1831591,1832934,1832937 ^/httpd/httpd/trunk . - +1: ylavic, icing, jailletc36 (by inspection) - - PATCHES PROPOSED TO BACKPORT FROM TRUNK: [ New proposals should be added at the end of the list ] diff --git a/modules/http2/h2_proxy_util.c b/modules/http2/h2_proxy_util.c index 700c915127..bd45294e1a 100644 --- a/modules/http2/h2_proxy_util.c +++ b/modules/http2/h2_proxy_util.c @@ -916,8 +916,8 @@ static size_t subst_str(link_ctx *ctx, int start, int end, const char *ns) delta = nlen - olen; plen = ctx->slen + delta + 1; p = apr_pcalloc(ctx->pool, plen); - strncpy(p, ctx->s, start); - strncpy(p + start, ns, nlen); + memcpy(p, ctx->s, start); + memcpy(p + start, ns, nlen); strcpy(p + start + nlen, ctx->s + end); ctx->s = p; ctx->slen = (int)strlen(p); @@ -943,7 +943,7 @@ static void map_link(link_ctx *ctx) /* common to use relative uris in link header, for mappings * to work need to prefix the backend server uri */ need_len += ctx->psu_len; - strncpy(buffer, ctx->p_server_uri, sizeof(buffer)); + apr_cpystrn(buffer, ctx->p_server_uri, sizeof(buffer)); buffer_len = ctx->psu_len; } if (need_len > sizeof(buffer)) { @@ -951,9 +951,7 @@ static void map_link(link_ctx *ctx) "link_reverse_map uri too long, skipped: %s", ctx->s); return; } - strncpy(buffer + buffer_len, ctx->s + ctx->link_start, link_len); - buffer_len += link_len; - buffer[buffer_len] = '\0'; + apr_cpystrn(buffer + buffer_len, ctx->s + ctx->link_start, link_len + 1); if (!prepend_p_server && strcmp(ctx->real_backend_uri, ctx->p_server_uri) && !strncmp(buffer, ctx->real_backend_uri, ctx->rbu_len)) { @@ -961,8 +959,8 @@ static void map_link(link_ctx *ctx) * to work, we need to use the proxy uri */ int path_start = ctx->link_start + ctx->rbu_len; link_len -= ctx->rbu_len; - strcpy(buffer, ctx->p_server_uri); - strncpy(buffer + ctx->psu_len, ctx->s + path_start, link_len); + memcpy(buffer, ctx->p_server_uri, ctx->psu_len); + memcpy(buffer + ctx->psu_len, ctx->s + path_start, link_len); buffer_len = ctx->psu_len + link_len; buffer[buffer_len] = '\0'; } diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index bdcad75c83..b1591edc5f 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -2392,7 +2392,7 @@ int ssl_callback_alpn_select(SSL *ssl, void *arg) { conn_rec *c = (conn_rec*)SSL_get_app_data(ssl); - SSLConnRec *sslconn = myConnConfig(c); + SSLConnRec *sslconn; apr_array_header_t *client_protos; const char *proposed; size_t len; @@ -2403,6 +2403,7 @@ int ssl_callback_alpn_select(SSL *ssl, if (c == NULL) { return SSL_TLSEXT_ERR_OK; } + sslconn = myConnConfig(c); if (inlen == 0) { /* someone tries to trick us? */ -- 2.50.1