Commit 86efd5f0 authored by Graham Leggett's avatar Graham Leggett
Browse files

mod_rewrite: Fix 0 bytes write into random memory position. 

PR:	31036
Obtained from:
Submitted by:	nd
Reviewed by:	nd, trawick, jerenkrantz, jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/APACHE_2_0_BRANCH@105431 13f79535-47bb-0310-9956-ffa450edef68
parent 9a1b534c

CHANGES

+3 −0
Original line number Diff line number Diff line 
Changes with Apache 2.0.53













  *) mod_rewrite: Fix 0 bytes write into random memory position.













     PR 31036. [Andr Malo]



























  *) mod_disk_cache: Do not store aborted content.  PR 21492.















     [Rüiger Plü <r.pluem t-online.de>]















































STATUS



+1
−2






























Original line number
Diff line number
Diff line















APACHE 2.0 STATUS:                                              -*-text-*-













Last modified at [$Date: 2004/10/13 16:40:54 $]













Last modified at [$Date: 2004/10/13 16:51:37 $]































Release:


























@@ -129,7 +129,6 @@ PATCHES TO BACKPORT FROM 2.1













    *) mod_rewrite: Fix 0 bytes write into random memory position. PR 31036.















       (2.0 + 1.3)















         http://www.apache.org/~nd/dbmmap_1.3.patch













         http://www.apache.org/~nd/dbmmap_2.0.patch















       +1: nd, trawick, jerenkrantz, jim































    *) mod_rewrite:Fix query string handling for proxied URLs. PR 14518.

































modules/mappers/mod_rewrite.c



+15
−15






























Original line number
Diff line number
Diff line








@@ -3200,25 +3200,25 @@ static char *lookup_map_dbmfile(request_rec *r, const char *file,













    apr_dbm_t *dbmfp = NULL;















    apr_datum_t dbmkey;















    apr_datum_t dbmval;













    char *value = NULL;













    char buf[MAX_STRING_LEN];













    apr_status_t rv;













    char *value;



























    if (apr_dbm_open_ex(&dbmfp, dbmtype, file, APR_DBM_READONLY, APR_OS_DEFAULT, 













                        r->pool) != APR_SUCCESS) {













        return NULL;













    }































    dbmkey.dptr  = key;















    dbmkey.dsize = strlen(key);













    if ((rv = apr_dbm_open_ex(&dbmfp, dbmtype, file, APR_DBM_READONLY,













                              0 /* irrelevant when reading */,













                              r->pool)) == APR_SUCCESS) {













        rv = apr_dbm_fetch(dbmfp, dbmkey, &dbmval);













        if (rv == APR_SUCCESS && dbmval.dptr) {













            memcpy(buf, dbmval.dptr,













                   dbmval.dsize < sizeof(buf)-1 ?













                   dbmval.dsize : sizeof(buf)-1  );













            buf[dbmval.dsize] = '\0';













            value = apr_pstrdup(r->pool, buf);



























    if (apr_dbm_fetch(dbmfp, dbmkey, &dbmval) == APR_SUCCESS && dbmval.dptr) {













        value = apr_pstrmemdup(r->pool, dbmval.dptr, dbmval.dsize);















    }













        apr_dbm_close(dbmfp);













    else {













        value = NULL;















    }



























    apr_dbm_close(dbmfp);





























    return value;















}