From: William A. Rowe Jr Date: Tue, 21 Aug 2012 17:42:49 +0000 (+0000) Subject: * core: Fix error handling in ap_scan_script_header_err_brigade() if there X-Git-Tag: 2.2.23~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=78e47d923a3e444ac2ee729a679c2b938790a7f6;p=thirdparty%2Fapache%2Fhttpd.git * core: Fix error handling in ap_scan_script_header_err_brigade() if there is no EOS bucket in the brigade: Also don't loop if there is a timeout when discarding the script output. Thanks to Edgar Frank for the analysis. Note CHANGES entry omits mention of non-2.2 mod_proxy_fcgi Backports: r1311174 Submitted by: sf Reviewed by: rjung, trawick, wrowe git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1375683 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 4131948d5f9..7dab19334a9 100644 --- a/CHANGES +++ b/CHANGES @@ -10,6 +10,9 @@ Changes with Apache 2.2.23 possible XSS for a site where untrusted users can upload files to a location with MultiViews enabled. [Niels Heinen ] + *) core: Fix error handling in ap_scan_script_header_err_brigade() if there + is no EOS bucket in the brigade. PR 48272. [Stefan Fritsch] + *) core: Prevent "httpd -k restart" from killing server in presence of config error. [Joe Orton] diff --git a/STATUS b/STATUS index 3a76f4e6c24..96d84279485 100644 --- a/STATUS +++ b/STATUS 
@@ -113,15 +113,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK: 2.2.x patch: http://people.apache.org/~rjung/patches/improve-forbidden-error-message-2_2.patch +1: rjung, trawick, wrowe - * core: Fix error handling in ap_scan_script_header_err_brigade() if there - is no EOS bucket in the brigade: - Also don't loop if there is a timeout when discarding the script output. - Thanks to Edgar Frank for the analysis. - trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1311174 - 2.4.x patch: http://svn.apache.org/viewvc?view=revision&revision=1331414 - 2.2.x patch: trunk patch applies - +1: rjung, trawick, wrowe - PATCHES PROPOSED TO BACKPORT FROM TRUNK: [ New proposals should be added at the end of the list ] diff --git a/server/util_script.c b/server/util_script.c index 48aea59f548..925342c4940 100644 --- a/server/util_script.c +++ b/server/util_script.c @@ -537,7 +537,7 @@ AP_DECLARE(int) ap_scan_script_header_err_core(request_rec *r, char *buffer, if (!buffer) { /* Soak up all the script output - may save an outright kill */ - while ((*getsfunc) (w, MAX_STRING_LEN - 1, getsfunc_data)) { + while ((*getsfunc)(w, MAX_STRING_LEN - 1, getsfunc_data) > 0) { continue; } } @@ -626,7 +626,8 @@ static int getsfunc_BRIGADE(char *buf, int len, void *arg) apr_status_t rv; int done = 0; - while ((dst < dst_end) && !done && !APR_BUCKET_IS_EOS(e)) { + while ((dst < dst_end) && !done && e != APR_BRIGADE_SENTINEL(bb) + && !APR_BUCKET_IS_EOS(e)) { const char *bucket_data; apr_size_t bucket_data_len; const char *src; @@ -660,7 +661,7 @@ static int getsfunc_BRIGADE(char *buf, int len, void *arg) e = next; } *dst = 0; - return 1; + return done; } AP_DECLARE(int) ap_scan_script_header_err_brigade(request_rec *r,
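
Review bot: The CHANGES entry added in the `@@ -10,6 +10,9 @@` hunk records only the missing-EOS case, while the commit message also lists "don't loop if there is a timeout when discarding the script output". Consider extending the entry so that both fixes are recorded under PR 48272.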
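
Review bot: The `> 0` test in the `@@ -537,7 +537,7 @@` hunk of server/util_script.c relies on an undocumented return convention for `getsfunc`: positive continues the soak loop, zero and negative both end it. Nothing at the call site says what a negative value means. A short comment above the loop, or on the callback's contract, stating that a negative return signals a timeout or read error would make the convention explicit for every callback passed as `getsfunc`.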
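
Review bot: The sentinel test added to the loop condition in the `@@ -626,7 +626,8 @@` hunk deserves a comment, because its position is what makes it safe: `e != APR_BRIGADE_SENTINEL(bb)` has to be evaluated before `!APR_BUCKET_IS_EOS(e)`, since the sentinel is not a real bucket and must not be type-tested. The order in the patch is correct. A one-line note that a brigade may end without an EOS bucket would keep a later cleanup from reordering or dropping the check.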
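
Review bot: `return done;` in the `@@ -660,7 +661,7 @@` hunk returns 0 whenever the loop ends without `done` set. By the loop condition in the preceding hunk, that includes `dst` reaching `dst_end` as well as reaching the sentinel or an EOS bucket. If `done` is set only once a line terminator has been copied (the assignment is outside the visible context), a line longer than the buffer is reported the same way as end of input even though `buf` holds data, and the soak loop in ap_scan_script_header_err_core would then stop with script output still unread. Consider returning nonzero when `dst != buf`, or document in a comment that 0 means "no complete line was read" so callers do not treat it as a clean end of stream.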