[Bug 60275] New: [patch] segfault on ap_fcgi_encoded_env_len if an environment variable value is null

Tue, 18 Oct 2016 15:02:24 -0700 

https://bz.apache.org/bugzilla/show_bug.cgi?id=60275

            Bug ID: 60275
           Summary: [patch] segfault on ap_fcgi_encoded_env_len if an
                    environment variable value is null
           Product: Apache httpd-2
           Version: 2.4.23
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: critical
          Priority: P2
         Component: mod_proxy_fcgi
          Assignee: bugs@httpd.apache.org
          Reporter: alex2g...@gmail.com

Created attachment 34388
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=34388&action=edit
The patch which fixes segfault in ap_fcgi_encoded_env_len/ap_fcgi_encode_env

If the value of environment variable is NULL then the next code in the function
ap_fcgi_encoded_env_len causes segfault
----
vallen = strlen(elts[i].val);
----

The AUTHENTICATE_* environment variables could be NULL
if the a SQL query returns NULL values.

Attached patch fixes this issue.

The backtrace
=============
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f0649d04710 (LWP 12340)]
0x00007f0650bc09a2 in strlen () from /lib64/libc.so.6
(gdb) bt
#0  0x00007f0650bc09a2 in strlen () from /lib64/libc.so.6
#1  0x00007f0653391530 in ap_fcgi_encoded_env_len ()
#2  0x00007f064ce4b88d in ?? () from /opt/lib/httpd/modules/mod_proxy_fcgi.so
#3  0x00007f064d25c732 in proxy_run_scheme_handler () from
/opt/lib/httpd/modules/mod_proxy.so
#4  0x00007f064d261863 in ?? () from /opt/lib/httpd/modules/mod_proxy.so
#5  0x00007f0653388cc0 in ap_run_handler ()
#6  0x00007f065338d11e in ap_invoke_handler ()
#7  0x00007f06533a145a in ap_process_async_request ()
#8  0x00007f065339d561 in ?? ()
#9  0x00007f06533941f0 in ap_run_process_connection ()
#10 0x00007f064c36e485 in ?? () from /opt/lib/httpd/modules/mod_mpm_event.so
#11 0x00007f06510be980 in start_thread () from /lib64/libpthread.so.0
#12 0x00007f0650c23b3d in clone () from /lib64/libc.so.6
=============

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org

Reply via email to