* core: Fix error handling in ap_scan_script_header_err_brigade() if there

  is no EOS bucket in the brigade:
  Also don't loop if there is a timeout when discarding the script output.
  Thanks to Edgar Frank for the analysis.

  Note CHANGES entry omits mention of non-2.2 mod_proxy_fcgi

Backports: r1311174
Submitted by: sf
Reviewed by: rjung, trawick, wrowe

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1375683 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 4131948d5f99883616733103f458adb24c6c6597..7dab19334a9911784cd5d40be81b6505de72d311 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -10,6 +10,9 @@ Changes with Apache 2.2.23
      possible XSS for a site where untrusted users can upload files to
      a location with MultiViews enabled. [Niels Heinen <heinenn google.com>]
 
+  *) core: Fix error handling in ap_scan_script_header_err_brigade() if there
+     is no EOS bucket in the brigade. PR 48272. [Stefan Fritsch]
+
   *) core: Prevent "httpd -k restart" from killing server in presence of
      config error. [Joe Orton]
 

diff --git a/STATUS b/STATUS
index 3a76f4e6c24f785e34c823ca7f7c6eb0906ddec6..96d84279485d5b834f30c4455d4bbbdef366f635 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -113,15 +113,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
      2.2.x patch: http://people.apache.org/~rjung/patches/improve-forbidden-error-message-2_2.patch
      +1: rjung, trawick, wrowe
 
-   * core: Fix error handling in ap_scan_script_header_err_brigade() if there
-     is no EOS bucket in the brigade:
-     Also don't loop if there is a timeout when discarding the script output.
-     Thanks to Edgar Frank for the analysis.
-     trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1311174
-     2.4.x patch: http://svn.apache.org/viewvc?view=revision&revision=1331414
-     2.2.x patch: trunk patch applies
-     +1: rjung, trawick, wrowe
-
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]
 

diff --git a/server/util_script.c b/server/util_script.c
index 48aea59f548f7459fee15a561688608a1bbfe926..925342c4940481dbd581de5c83d37785b65eee95 100644 (file)
--- a/server/util_script.c
+++ b/server/util_script.c
@@ -537,7 +537,7 @@ AP_DECLARE(int) ap_scan_script_header_err_core(request_rec *r, char *buffer,
 
             if (!buffer) {
                 /* Soak up all the script output - may save an outright kill */
-                while ((*getsfunc) (w, MAX_STRING_LEN - 1, getsfunc_data)) {
+                while ((*getsfunc)(w, MAX_STRING_LEN - 1, getsfunc_data) > 0) {
                     continue;
                 }
             }
@@ -626,7 +626,8 @@ static int getsfunc_BRIGADE(char *buf, int len, void *arg)
     apr_status_t rv;
     int done = 0;
 
-    while ((dst < dst_end) && !done && !APR_BUCKET_IS_EOS(e)) {
+    while ((dst < dst_end) && !done && e != APR_BRIGADE_SENTINEL(bb)
+           && !APR_BUCKET_IS_EOS(e)) {
         const char *bucket_data;
         apr_size_t bucket_data_len;
         const char *src;
@@ -660,7 +661,7 @@ static int getsfunc_BRIGADE(char *buf, int len, void *arg)
         e = next;
     }
     *dst = 0;
-    return 1;
+    return done;
 }
 
 AP_DECLARE(int) ap_scan_script_header_err_brigade(request_rec *r,