[Bug 66136] New: Lacking a check for the return of apr_sockaddr_info_get() in listen.c

bugzilla Wed, 22 Jun 2022 04:09:36 -0700

https://bz.apache.org/bugzilla/show_bug.cgi?id=66136


            Bug ID: 66136
           Summary: Lacking a check for the return of
                    apr_sockaddr_info_get() in listen.c
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: PC
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Core
          Assignee: bugs@httpd.apache.org
          Reporter: xkernel.w...@foxmail.com
  Target Milestone: ---

Missing a check for the return value of apr_sockaddr_info_get() in
https://github.com/apache/httpd/blob/a296776a6a5ba8fe1f91de181ca6ce6293b71a52/server/listen.c#L884,
which may further result in wrong memory access if resolving the address info
fails.

Therefore, it is better to get the return value of apr_sockaddr_info_get() and
check whether it is APR_SUCCESS.

This bug is at least from 2.4.51 in httpd-2.4.51/server/listen.c:689:13.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org

[Bug 66136] New: Lacking a check for the return of apr_sockaddr_info_get() in listen.c

Reply via email to