ben 96/12/28 10:16:11
Modified: src CHANGES util_script.c
Log:
Make create_argv() safe from overflows.
Revision Changes Path
1.106 +2 -1 apache/src/CHANGES
Index: CHANGES
===================================================================
RCS file: /export/home/cvs/apache/src/CHANGES,v
retrieving revision 1.105
retrieving revision 1.106
diff -C3 -r1.105 -r1.106
*** CHANGES 1996/12/28 00:13:19 1.105
--- CHANGES 1996/12/28 18:16:09 1.106
***************
*** 72,78 ****
using the -make flag. [Rob Hartill]
*) Fix coredump triggered when sending a SIGHUP to the server caused
! by a dereference of an unitialized pointer in the listen_rec.
[Ben Laurie]
*) Add FILEPATH_INFO variable to CGI environment, which is equal to
--- 72,79 ----
using the -make flag. [Rob Hartill]
*) Fix coredump triggered when sending a SIGHUP to the server caused
! by an assertion failure, in turn caused by an uninitialised field in a
! listen_rec.
[Ben Laurie]
*) Add FILEPATH_INFO variable to CGI environment, which is equal to
1.35 +2 -0 apache/src/util_script.c
Index: util_script.c
===================================================================
RCS file: /export/home/cvs/apache/src/util_script.c,v
retrieving revision 1.34
retrieving revision 1.35
diff -C3 -r1.34 -r1.35
*** util_script.c 1996/12/26 19:07:05 1.34
--- util_script.c 1996/12/28 18:16:10 1.35
***************
*** 60,65 ****
--- 60,66 ----
#include "http_core.h" /* For document_root. Sigh... */
#include "http_request.h" /* for sub_req_lookup_uri() */
#include "util_script.h"
+ #include <assert.h>
/*
* Various utility functions which are common to a whole lot of
***************
*** 96,101 ****
--- 97,103 ----
while ((t = strtok(NULL, "+")) != NULL) {
unescape_url(t);
+ assert(idx < APACHE_ARG_MAX);
av[idx] = escape_shell_cmd(r->pool, t);
av[idx] = t;
idx++;
