From: Giovanni Bechis <gbechis@apache.org>
Date: Tue, 4 Apr 2023 21:43:46 +0000 (+0000)
Subject: Fix a possible NULL pointer dereference of ap_runtime_dir_relative()
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=51a3e295058839b04fd7df544bbc5571f43226eb;p=thirdparty%2Fapache%2Fhttpd.git

Fix a possible NULL pointer dereference of ap_runtime_dir_relative()

ap_runtime_dir_relative() will return NULL on failure. However cgid_init()
does not check the return value of ap_runtime_dir_relative() and use it
directly.

Fix this bug by adding a NULL check.

Submitted by: Zhou Qingyang <zhou1615@umn.edu>

Github: closes #304


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908972 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/generators/mod_cgid.c b/modules/generators/mod_cgid.c
index 08cdaccbf64..de3e4b353ae 100644
--- a/modules/generators/mod_cgid.c
+++ b/modules/generators/mod_cgid.c
@@ -1059,6 +1059,8 @@ static int cgid_init(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp,
 
         parent_pid = getpid();
         tmp_sockname = ap_runtime_dir_relative(p, sockname);
+        if (!tmp_sockname)
+            return DECLINED;
         if (strlen(tmp_sockname) > sizeof(server_addr->sun_path) - 1) {
             tmp_sockname[sizeof(server_addr->sun_path)] = '\0';
             ap_log_error(APLOG_MARK, APLOG_ERR, 0, main_server, APLOGNO(01254)