Evgeny, both patches look fine. Thanks! Applied in r1743517. Cheers,
Stefan > Am 12.05.2016 um 16:33 schrieb Evgeny Kotkov <[email protected]>: > > This patch fixes a theoretically possible segfault in mod_proxy_http2. > > Please see the open_stream() function in h2_proxy_session.c:598. If the > call to apr_uri_parse() fails, some of the apr_uri_t's fields may be set > to NULL, and this would cause a segfault in the following lines: > > authority = puri.hostname; > if (!ap_strchr_c(authority, ':') && puri.port > ... > > Currently, the URIs are preprocessed by ap_proxy_canon_netloc() much earlier > than opening the proxy stream, but this may not hold in the future. As well > as that, I think that there might be subtle differences between how these two > functions handle invalid URIs, and that could also result in the crash. > > I attached the patch with a fix for this issue. > > While here, I also spotted an opportunity for a minor code cleanup. There > are a couple of places where a function returns an apr_status_t, but the > calling site tests the result against the OK (hook return code). I updated > such places in the second patch. > > > Regards, > Evgeny Kotkov > <h2-proxy-uri-parse-v1.patch.txt><h2-proxy-apr-status-cleanup-v1.patch.txt>
