On Mon, May 25, 2020 at 7:50 AM <[email protected]> wrote:
>
> Author: rpluem
> Date: Mon May 25 05:50:12 2020
> New Revision: 1878092
>
> URL: http://svn.apache.org/viewvc?rev=1878092&view=rev
> Log:
> Fix a NULL pointer dereference
>
> * server/scoreboard.c (ap_increment_counts): In certain cases like certain
> invalid requests r->method might be NULL here. r->method_number defaults
> to M_GET and hence is M_GET in these cases.
>
>
> Modified:
> httpd/httpd/trunk/server/scoreboard.c
>
> Modified: httpd/httpd/trunk/server/scoreboard.c
> URL:
> http://svn.apache.org/viewvc/httpd/httpd/trunk/server/scoreboard.c?rev=1878092&r1=1878091&r2=1878092&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/server/scoreboard.c (original)
> +++ httpd/httpd/trunk/server/scoreboard.c Mon May 25 05:50:12 2020
> @@ -381,7 +381,7 @@ AP_DECLARE(void) ap_increment_counts(ap_
> if (pfn_ap_logio_get_last_bytes != NULL) {
> bytes = pfn_ap_logio_get_last_bytes(r->connection);
> }
> - else if (r->method_number == M_GET && r->method[0] == 'H') {
> + else if (r->method_number == M_GET && r->method && r->method[0] == 'H') {
> bytes = 0;
> }
> else {
Sorry for the lateness..
Maybe we could have an r->method_number == M_INVALID and r->method ==
"" by default on failure, like with the attached patch?
Regards;
Yann.
Index: server/protocol.c
===================================================================
--- server/protocol.c (revision 1893001)
+++ server/protocol.c (working copy)
@@ -715,6 +715,8 @@ static int read_request_line(request_rec *r, apr_b
if (rv != APR_SUCCESS) {
r->request_time = apr_time_now();
+ r->method_num = M_INVALID;
+ r->method = "";
/* ap_rgetline returns APR_ENOSPC if it fills up the
* buffer before finding the end-of-line. This is only going to
