https://bz.apache.org/bugzilla/show_bug.cgi?id=64725
Bug ID: 64725
Summary: Three NULL Pointer Dereference Bugs with bug traces
Product: Apache httpd-2
Version: 2.4-HEAD
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: mod_dav
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
Hi guys,
We have found three NULL Pointer Dereference Bugs as follows. The detail of
each bug is explained as an attachmenet.
1. Bug description: `dav_buffer_append` dereferences `str` at line 155 in
`modules/dav/main/util.c`, while `str` is potentially empty string
Root cause: `*fname_p = NULL` in the function `dav_fs_dir_file_name` defined in
`modules/dav/fs/repos.c`
2. Bug description: `dav_fs_insert_prop` dereferences `info` at line 2000 and
line 2004 in the form `info->name`, while `*info` can be null.
Root cause: Although it is claimed that info is not equal to NULL in the
annotation, we check the feasibility of the control flow path and find that
`modules/dav/main/liveprop.c` can set `*info = NULL` at line 127 in
`dav_get_liveprop_info` defined in `modules/dav/main/liveprop.c`
According to CWE 476, there are several problems with leaving the code with
null references. An attacker can take advantage of the opportunity to introduce
malicious code. In this case, we are not sure of the behavior of the compiler
when faced with a null reference.
Best regards
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
