Hi,

Attached patch fixes a crash caused by mod suPHP when the next Apache filter module gets an uninitialized len value when calling apr_bucket_read(), which is just a macro helper which calls suphp_bucket_read() if suphp is enabled.

The harm is probably shared between mod_deflate, which doesn't check the apr_bucket_read() return value, and suphp_bucket_read(), which doesn't sanitize its output, which is always a best practice anyway. The patch ensures suphp_bucket_read() returns a 0 len value if something went wrong.

Sylvain

#! /bin/sh /usr/share/dpatch/dpatch-run
## 14_TuxFamily-suphp-0.7.2-1-sanity-clean-suphp-bucket-read.dpatch
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: TuxFamily patch to fix segfault when next filter is mod_deflate which
## DP: doesn't check apr_bucket_read() return value
@DPATCH@
diff -Nru a/src/apache2/mod_suphp.c b/src/apache2/mod_suphp.c
--- a/src/apache2/mod_suphp.c 2016-03-25 23:01:50.000000000 +0000
+++ b/src/apache2/mod_suphp.c 2016-03-25 23:02:32.420399971 +0000
@@ -471,6 +471,9 @@
apr_status_t rv;
int gotdata = 0;
+ /* Never return an uninitialized len value */
+ *len = 0;
+
timeout = (block == APR_NONBLOCK_READ) ? 0 : data->r->server->timeout;
do {
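
Review bot: the new `*len = 0;` at the top of the function gives a defined value to the length output only, while apr_bucket_read() also hands a data pointer back to the caller through a second output argument that this hunk leaves untouched. A filter that ignores the return status, as the description says mod_deflate does, would then see length 0 next to a pointer that may still be uninitialized on an error path. Consider giving that pointer a defined default at the same spot, and extend the comment to say that the early-return paths rely on these defaults so a later edit does not move the assignment below the first return.
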
