[Bug 66135] New: Lacking check for the return value of apr_sockaddr_info_get()

bugzilla Wed, 22 Jun 2022 03:51:14 -0700

https://bz.apache.org/bugzilla/show_bug.cgi?id=66135


            Bug ID: 66135
           Summary: Lacking check for the return value of
                    apr_sockaddr_info_get()
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: PC
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_proxy_ftp
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

Missing a check for the return value of apr_sockaddr_info_get() in
https://github.com/apache/httpd/blob/a296776a6a5ba8fe1f91de181ca6ce6293b71a52/modules/proxy/mod_proxy_ftp.c#L1558
and
https://github.com/apache/httpd/blob/a296776a6a5ba8fe1f91de181ca6ce6293b71a52/modules/proxy/mod_proxy_ftp.c#L1601,
which may further result in wrong memory access if resolving the address info
fails.

Therefore, it is better to get the return value of apr_sockaddr_info_get() and
check whether it is APR_SUCCESS.

This bug is at least from 2.4.51 in
httpd-2.4.51/modules/proxy/mod_proxy_ftp.c:1563:17 and
httpd-2.4.51/modules/proxy/mod_proxy_ftp.c:1606:9.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[Bug 66135] New: Lacking check for the return value of apr_sockaddr_info_get()

Reply via email to