From: William A. Rowe Jr <wrowe@apache.org>
Date: Thu, 27 Jun 2013 17:21:42 +0000 (+0000)
Subject: mod_dav: Do not segfault on PROPFIND with a zero length DBM.
X-Git-Tag: 2.2.25~11
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=163ae3c81371bca4363daea137fc13c24cea8784;p=thirdparty%2Fapache%2Fhttpd.git

mod_dav: Do not segfault on PROPFIND with a zero length DBM.

PR: 52559
Backports: r1476645
Submitted by: Diego Santa Cruz <diego.santaCruz spinetix.com>
Reviewed by: rjung, wrowe, trawick



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1497463 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index cee983c249f..91f544ba7ce 100644
--- a/CHANGES
+++ b/CHANGES
@@ -54,6 +54,9 @@ Changes with Apache 2.2.25
   *) mod_dav: Do not fail PROPPATCH when prop namespace is not known.
      PR 52559 [Diego Santa Cruz <diego.santaCruz spinetix.com>]
 
+  *) mod_dav: Do not segfault on PROPFIND with a zero length DBM.
+     PR 52559 [Diego Santa Cruz <diego.santaCruz spinetix.com>]
+
 Changes with Apache 2.2.24
 
   *) SECURITY: CVE-2012-3499 (cve.mitre.org)
diff --git a/STATUS b/STATUS
index affca73ef1a..320464742d6 100644
--- a/STATUS
+++ b/STATUS
@@ -96,15 +96,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
   
-  * mod_dav: Do not segfault on PROPFIND with a zero length DBM. PR 52559
-    [Diego Santa Cruz <diego.santaCruz spinetix.com>]
-    This is the third patch in PR 52559. The other two are already
-    voted on above.
-    trunk patch: http://svn.apache.org/r1476645
-    2.4.x patch: http://svn.apache.org/r1481513
-    2.2.x patch: trunk patch works (minus CHANGES)
-    +1: rjung, wrowe, trawick
-
   * mod_ssl/proxy: enable the SNI extension for backend TLS connections
     [Kaspar Brand]
     2.2.x patch: http://people.apache.org/~rjung/patches/r1175416-2.0-v2.patch
diff --git a/modules/dav/main/props.c b/modules/dav/main/props.c
index b9601d78a7e..27967377729 100644
--- a/modules/dav/main/props.c
+++ b/modules/dav/main/props.c
@@ -594,13 +594,14 @@ DAV_DECLARE(dav_get_props_result) dav_get_allprops(dav_propdb *propdb,
         if (propdb->db != NULL) {
             dav_xmlns_info *xi = dav_xmlns_create(propdb->p);
             dav_prop_name name;
+            dav_error *err;
 
             /* define (up front) any namespaces the db might need */
             (void) (*db_hooks->define_namespaces)(propdb->db, xi);
 
             /* get the first property name, beginning the scan */
-            (void) (*db_hooks->first_name)(propdb->db, &name);
-            while (name.ns != NULL) {
+            err = (*db_hooks->first_name)(propdb->db, &name);
+            while (!err && name.ns) {
 
                 /*
                 ** We also look for <DAV:getcontenttype> and
@@ -619,7 +620,6 @@ DAV_DECLARE(dav_get_props_result) dav_get_allprops(dav_propdb *propdb,
                 }
 
                 if (what == DAV_PROP_INSERT_VALUE) {
-                    dav_error *err;
                     int found;
 
                     if ((err = (*db_hooks->output_value)(propdb->db, &name,
@@ -638,7 +638,7 @@ DAV_DECLARE(dav_get_props_result) dav_get_allprops(dav_propdb *propdb,
                 }
 
               next_key:
-                (void) (*db_hooks->next_name)(propdb->db, &name);
+                err = (*db_hooks->next_name)(propdb->db, &name);
             }
 
             /* all namespaces have been entered into xi. generate them into