https://issues.apache.org/bugzilla/show_bug.cgi?id=49214
Summary: Possible buffer overflow in proc_spawn_process
Product: Apache httpd-2
Version: 2.3-HEAD
Platform: All
OS/Version: All
Status: NEW
Keywords: PatchAvailable
Severity: minor
Priority: P2
Component: mod_fcgid
AssignedTo: [email protected]
ReportedBy: [email protected]
Log Message:
[[[
Allocate enough memory for APACHE_ARG_MAX arguments plus a terminating
NULL pointer.
]]]
Patch:
[[[
Index: modules/fcgid/fcgid_proc_unix.c
===================================================================
--- modules/fcgid/fcgid_proc_unix.c (revision 938992)
+++ modules/fcgid/fcgid_proc_unix.c (working copy)
@@ -201,7 +201,7 @@
struct sockaddr_un unix_addr;
apr_procattr_t *procattr = NULL;
int argc;
- const char *wargv[APACHE_ARG_MAX];
+ const char *wargv[APACHE_ARG_MAX+1];
const char *word; /* For wrapper */
const char *tmp;
]]]
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
