From: Ruediger Pluem Date: Fri, 14 Apr 2006 12:17:54 +0000 (+0000) Subject: * Initialize last_char as otherwise a random value will be compared X-Git-Tag: 2.3.0~2454 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4d1b38642dcdf1408a84b58f0ba33504097b6d3e;p=thirdparty%2Fapache%2Fhttpd.git * Initialize last_char as otherwise a random value will be compared against APR_ASCII_LF at the end of the loop if bb only contains an EOS bucket. PR: 39282 Submitted by: Davi Arnaut Reviewed by: rpluem git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@394070 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 700544e9427..ddaed69d495 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,9 @@ Changes with Apache 2.3.0 [Remove entries to the current 2.0 and 2.2 section below, when backported] + *) core: Prevent reading uninitialized memory while reading a line of + protocol input. PR 39282. [Davi Arnaut ] + *) htdbm: Fix crash processing -d option in 64-bit mode on HP-UX. [Jeff Trawick] diff --git a/server/protocol.c b/server/protocol.c index 9f792ecce24..74cfb9cf633 100644 --- a/server/protocol.c +++ b/server/protocol.c @@ -217,6 +217,14 @@ AP_DECLARE(apr_status_t) ap_rgetline_core(char **s, apr_size_t n, char *pos, *last_char = *s; int do_alloc = (*s == NULL), saw_eos = 0; + /* + * Initialize last_char as otherwise a random value will be compared + * against APR_ASCII_LF at the end of the loop if bb only contains an + * EOS bucket. + */ + if (last_char) + *last_char = '\0'; + for (;;) { apr_brigade_cleanup(bb); rv = ap_get_brigade(r->input_filters, bb, AP_MODE_GETLINE,
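Review bot: the new guard in the server/protocol.c hunk, `if (last_char) *last_char = '\0';`, only covers the case where the caller supplied a buffer. The declaration just above it sets `last_char = *s` and `do_alloc = (*s == NULL)`, so on the allocating path `last_char` is still NULL when the loop starts and this initialization is skipped. If the comparison against APR_ASCII_LF that the comment describes can also be reached on that path when bb holds only an EOS bucket, it would see a NULL pointer rather than an initialized byte. Please confirm that the path exits before the comparison, or extend the comment to say why the allocating case is safe. Two smaller points on the same lines: the store writes one byte into the caller's buffer before anything has been read, and nothing visible in this hunk checks that `n` is at least 1, so a `n > 0` condition in the guard (or a documented precondition on `n`) would make the write provably in bounds. It also means the first byte of the caller's buffer is now overwritten even when `ap_get_brigade` fails on the first iteration, which is worth stating in the function's documentation.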