From: Colm MacCarthaigh <colm@apache.org>
Date: Wed, 19 Apr 2006 10:15:33 +0000 (+0000)
Subject: Merge 394070 from trunk;
X-Git-Tag: 2.0.57~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=124334cec398867456846f52746e96a13ebaf01d;p=thirdparty%2Fapache%2Fhttpd.git

Merge 394070 from trunk;

* Initialize last_char as otherwise a random value will be compared
  against APR_ASCII_LF at the end of the loop if bb only contains an
  EOS bucket.

PR: 39282
Submitted by: Davi Arnaut <davi haxent.com.br>
Reviewed by: rpluem


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@395197 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 0fee9f17fef..07d406afbc7 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.0.57
 
+  *) core: Prevent read of unitialized memory in ap_rgetline_core. PR 39282.
+     [Davi Arnaut <davi haxent.com.br>]
+
   *) mod_proxy: Report the proxy server name correctly in the "Via:" header,
      when UseCanonicalName is Off. PR 11971. [Martin Kraemer]
 
diff --git a/STATUS b/STATUS
index ab0485f549a..7fb2100b562 100644
--- a/STATUS
+++ b/STATUS
@@ -121,16 +121,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
          http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=113813652015559
        +1: colm, trawick, jim
 
-    *) core: Prevent read of unitialized memory in ap_rgetline_core. PR 39282.
-        Trunk version of patch:
-          http://svn.apache.org/viewcvs?rev=394070&view=rev
-        2.0.x version of patch:
-          http://issues.apache.org/bugzilla/attachment.cgi?id=18112
-      +1: rpluem, colm
-      niq: change comment "if bb only contains an EOS bucket"
-           to "if bb contains only zero-length buckets"
-           and you have my +1
-
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ please place SVN revisions from trunk here, so it is easy to
     identify exactly what the proposed changes are!  Add all new
diff --git a/server/protocol.c b/server/protocol.c
index 518590244e5..f935576dff1 100644
--- a/server/protocol.c
+++ b/server/protocol.c
@@ -217,6 +217,14 @@ AP_DECLARE(apr_status_t) ap_rgetline_core(char **s, apr_size_t n,
     char *pos, *last_char = *s;
     int do_alloc = (*s == NULL), saw_eos = 0;
 
+    /*
+     * Initialize last_char as otherwise a random value will be compared
+     * against APR_ASCII_LF at the end of the loop if bb only contains 
+     * zero-length buckets.
+     */
+    if (last_char)
+        *last_char = '\0';
+
     for (;;) {
     apr_brigade_cleanup(bb);
     rv = ap_get_brigade(r->input_filters, bb, AP_MODE_GETLINE,