fix a potential NULL dereference spotted by gcc 8.1.0 (4b3e9221) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP Apache Httpd

STATUS

+0 −11

Original line number	Diff line number	Diff line
		@@ -137,17 +137,6 @@ RELEASE SHOWSTOPPERS:
		PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
		[ start all new proposals below, under PATCHES PROPOSED. ]

		*) mod_ssl: fix a potential NULL dereference spotted by gcc 8.1.0
		mod_http2: silence gcc strncpy warnings which break compilation in
		maintainer mode with gcc 8.1.0
		trunk patch: http://svn.apache.org/r1831231
		http://svn.apache.org/r1831591
		http://svn.apache.org/r1832934
		http://svn.apache.org/r1832937
		2.4.x patch: svn merge -c 1831231,1831591,1832934,1832937 ^/httpd/httpd/trunk .
		+1: ylavic, icing, jailletc36 (by inspection)


		PATCHES PROPOSED TO BACKPORT FROM TRUNK:
		[ New proposals should be added at the end of the list ]

modules/http2/h2_proxy_util.c

+6 −8

Original line number	Diff line number	Diff line
		@@ -916,8 +916,8 @@ static size_t subst_str(link_ctx ctx, int start, int end, const char ns)
		delta = nlen - olen;
		plen = ctx->slen + delta + 1;
		p = apr_pcalloc(ctx->pool, plen);
		strncpy(p, ctx->s, start);
		strncpy(p + start, ns, nlen);
		memcpy(p, ctx->s, start);
		memcpy(p + start, ns, nlen);
		strcpy(p + start + nlen, ctx->s + end);
		ctx->s = p;
		ctx->slen = (int)strlen(p);
		@@ -943,7 +943,7 @@ static void map_link(link_ctx *ctx)
		/* common to use relative uris in link header, for mappings
		* to work need to prefix the backend server uri */
		need_len += ctx->psu_len;
		strncpy(buffer, ctx->p_server_uri, sizeof(buffer));
		apr_cpystrn(buffer, ctx->p_server_uri, sizeof(buffer));
		buffer_len = ctx->psu_len;
		}
		if (need_len > sizeof(buffer)) {
		@@ -951,9 +951,7 @@ static void map_link(link_ctx *ctx)
		"link_reverse_map uri too long, skipped: %s", ctx->s);
		return;
		}
		strncpy(buffer + buffer_len, ctx->s + ctx->link_start, link_len);
		buffer_len += link_len;
		buffer[buffer_len] = '\0';
		apr_cpystrn(buffer + buffer_len, ctx->s + ctx->link_start, link_len + 1);
		if (!prepend_p_server
		&& strcmp(ctx->real_backend_uri, ctx->p_server_uri)
		&& !strncmp(buffer, ctx->real_backend_uri, ctx->rbu_len)) {
		@@ -961,8 +959,8 @@ static void map_link(link_ctx *ctx)
		* to work, we need to use the proxy uri */
		int path_start = ctx->link_start + ctx->rbu_len;
		link_len -= ctx->rbu_len;
		strcpy(buffer, ctx->p_server_uri);
		strncpy(buffer + ctx->psu_len, ctx->s + path_start, link_len);
		memcpy(buffer, ctx->p_server_uri, ctx->psu_len);
		memcpy(buffer + ctx->psu_len, ctx->s + path_start, link_len);
		buffer_len = ctx->psu_len + link_len;
		buffer[buffer_len] = '\0';
		}

modules/ssl/ssl_engine_kernel.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -2392,7 +2392,7 @@ int ssl_callback_alpn_select(SSL *ssl,
		void *arg)
		{
		conn_rec c = (conn_rec)SSL_get_app_data(ssl);
		SSLConnRec *sslconn = myConnConfig(c);
		SSLConnRec *sslconn;
		apr_array_header_t *client_protos;
		const char *proposed;
		size_t len;
		@@ -2403,6 +2403,7 @@ int ssl_callback_alpn_select(SSL *ssl,
		if (c == NULL) {
		return SSL_TLSEXT_ERR_OK;
		}
		sslconn = myConnConfig(c);

		if (inlen == 0) {
		/* someone tries to trick us? */