Commit eb9316f6 authored by William A. Rowe Jr's avatar William A. Rowe Jr
Browse files

mod_dav: Do not segfault on PROPFIND with a zero length DBM. 

PR: 52559
Backports: r1476645
Submitted by: Diego Santa Cruz <diego.santaCruz spinetix.com>
Reviewed by: rjung, wrowe, trawick



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1497463 13f79535-47bb-0310-9956-ffa450edef68
parent 904b721b

CHANGES

+3 −0
Original line number Diff line number Diff line
@@ -54,6 +54,9 @@ Changes with Apache 2.2.25 
  *) mod_dav: Do not fail PROPPATCH when prop namespace is not known.

     PR 52559 [Diego Santa Cruz <diego.santaCruz spinetix.com>]



  *) mod_dav: Do not segfault on PROPFIND with a zero length DBM.

     PR 52559 [Diego Santa Cruz <diego.santaCruz spinetix.com>]



Changes with Apache 2.2.24



  *) SECURITY: CVE-2012-3499 (cve.mitre.org)

STATUS

+0 −9
Original line number Diff line number Diff line
@@ -96,15 +96,6 @@ RELEASE SHOWSTOPPERS: 
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:

  [ start all new proposals below, under PATCHES PROPOSED. ]

  

  * mod_dav: Do not segfault on PROPFIND with a zero length DBM. PR 52559

    [Diego Santa Cruz <diego.santaCruz spinetix.com>]

    This is the third patch in PR 52559. The other two are already

    voted on above.

    trunk patch: http://svn.apache.org/r1476645

    2.4.x patch: http://svn.apache.org/r1481513

    2.2.x patch: trunk patch works (minus CHANGES)

    +1: rjung, wrowe, trawick



  * mod_ssl/proxy: enable the SNI extension for backend TLS connections

    [Kaspar Brand]

    2.2.x patch: http://people.apache.org/~rjung/patches/r1175416-2.0-v2.patch

modules/dav/main/props.c

+4 −4
Original line number Diff line number Diff line
@@ -594,13 +594,14 @@ DAV_DECLARE(dav_get_props_result) dav_get_allprops(dav_propdb *propdb, 
        if (propdb->db != NULL) {

            dav_xmlns_info *xi = dav_xmlns_create(propdb->p);

            dav_prop_name name;

            dav_error *err;



            /* define (up front) any namespaces the db might need */

            (void) (*db_hooks->define_namespaces)(propdb->db, xi);



            /* get the first property name, beginning the scan */

            (void) (*db_hooks->first_name)(propdb->db, &name);

            while (name.ns != NULL) {

            err = (*db_hooks->first_name)(propdb->db, &name);

            while (!err && name.ns) {



                /*

                ** We also look for <DAV:getcontenttype> and
@@ -619,7 +620,6 @@ DAV_DECLARE(dav_get_props_result) dav_get_allprops(dav_propdb *propdb, 
                }



                if (what == DAV_PROP_INSERT_VALUE) {

                    dav_error *err;

                    int found;



                    if ((err = (*db_hooks->output_value)(propdb->db, &name,
@@ -638,7 +638,7 @@ DAV_DECLARE(dav_get_props_result) dav_get_allprops(dav_propdb *propdb, 
                }



              next_key:

                (void) (*db_hooks->next_name)(propdb->db, &name);

                err = (*db_hooks->next_name)(propdb->db, &name);

            }



            /* all namespaces have been entered into xi. generate them into