From: Stefan Fritsch <sf@apache.org>
Date: Tue, 3 Jul 2012 19:53:09 +0000 (+0000)
Subject: Merge r1244211:
X-Git-Tag: 2.2.23~141
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=27bef2405f1ed7fe9231a1596147a24ff972329d;p=thirdparty%2Fapache%2Fhttpd.git

Merge r1244211:

    Make sure the getsfunc_*() functions used by ap_scan_script_header_err*()
    NUL-terminate the resulting string, even in case of an error. mod_cgi and
    mod_cgid try to log incomplete output from CGI scripts.

Reviewed by: sf, covener, wrowe


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1356894 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index c32e59e0802..b46a9e995ba 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,9 @@ Changes with Apache 2.2.23
      envvars: Fix insecure handling of LD_LIBRARY_PATH that could lead to the
      current working directory to be searched for DSOs. [Stefan Fritsch]
 
+  *) core: Adjust ap_scan_script_header_err*() to prevent mod_cgi and mod_cgid
+     from logging bogus data in case of errors. [Stefan Fritsch]
+
   *) mod_disk_cache, mod_mem_cache: Decline the opportunity to cache if the
      response is a 206 Partial Content. This stops a reverse proxied partial
      response from becoming cached, and then being served in subsequent
diff --git a/STATUS b/STATUS
index a85cda4cb8c..7e34220b90b 100644
--- a/STATUS
+++ b/STATUS
@@ -93,16 +93,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-  * core: NUL-terminate string returned by ap_scan_script_header_err*()
-    in error case.
-    Trunk patch:
-      http://svn.apache.org/viewvc?rev=1244211&view=rev
-    2.4.x patch:
-      http://svn.apache.org/viewvc?rev=1244213&view=rev
-    2.2.x patch:
-      Trunk version works
-    +1: sf, covener, wrowe
-
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]
 
diff --git a/server/util_script.c b/server/util_script.c
index 1300951ba62..48aea59f548 100644
--- a/server/util_script.c
+++ b/server/util_script.c
@@ -636,6 +636,7 @@ static int getsfunc_BRIGADE(char *buf, int len, void *arg)
         rv = apr_bucket_read(e, &bucket_data, &bucket_data_len,
                              APR_BLOCK_READ);
         if (rv != APR_SUCCESS || (bucket_data_len == 0)) {
+            *dst = '\0';
             return APR_STATUS_IS_TIMEUP(rv) ? -1 : 0;
         }
         src = bucket_data;
@@ -681,8 +682,10 @@ static int getsfunc_STRING(char *w, int len, void *pvastrs)
     const char *p;
     int t;
 
-    if (!strs->curpos || !*strs->curpos)
+    if (!strs->curpos || !*strs->curpos) {
+        w[0] = '\0';
         return 0;
+    }
     p = ap_strchr_c(strs->curpos, '\n');
     if (p)
         ++p;