Fix a possible NULL pointer dereference of ap_runtime_dir_relative()

ap_runtime_dir_relative() will return NULL on failure. However cgid_init()
does not check the return value of ap_runtime_dir_relative() and use it
directly.

Fix this bug by adding a NULL check.

Submitted by: Zhou Qingyang <zhou1615@umn.edu>

Github: closes #304

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908972 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/modules/generators/mod_cgid.c b/modules/generators/mod_cgid.c
index 08cdaccbf6463b40a0489b54d0d6bd32ce70e963..de3e4b353ae4395e00b08a0b7198c97006c54eb5 100644 (file)
--- a/modules/generators/mod_cgid.c
+++ b/modules/generators/mod_cgid.c
@@ -1059,6 +1059,8 @@ static int cgid_init(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp,
 
         parent_pid = getpid();
         tmp_sockname = ap_runtime_dir_relative(p, sockname);
+        if (!tmp_sockname)
+            return DECLINED;
         if (strlen(tmp_sockname) > sizeof(server_addr->sun_path) - 1) {
             tmp_sockname[sizeof(server_addr->sun_path)] = '\0';
             ap_log_error(APLOG_MARK, APLOG_ERR, 0, main_server, APLOGNO(01254)