https://bz.apache.org/bugzilla/show_bug.cgi?id=68902
Bug ID: 68902 Summary: [PATCH] Fixed args parsing in htdbm.c Product: Apache httpd-2 Version: 2.4.59 Hardware: PC OS: Linux Status: NEW Severity: normal Priority: P2 Component: support Assignee: bugs@httpd.apache.org Reporter: vegor...@astralinux.ru Target Milestone: --- Created attachment 39669 --> https://bz.apache.org/bugzilla/attachment.cgi?id=39669&action=edit Args parse fix in htdbm An error was detected in the htdbm in processing arguments, which subsequently causes SEGV (https://bz.apache.org/bugzilla/show_bug.cgi?id=66637 and https://bz.apache.org/bugzilla/show_bug.cgi?id=66638). Previously, arguments were processed this way: 1. The args_left value is initialized, which is responsible for the number of remaining arguments after the flags (username, database, password, depending on the flags, some of them are required or not) 2. When a certain flag appears, the value of args_left is decreased or increased. In this case, incorrect processing is possible when the value was decreased, although the flags were not processed correctly (for example, in the case of the input string "-nx-B", first n and x will be processed as flags, and then the loop will be exited. Since in the "case n" we decreased args_left to 1, then only one argument is expected after the flag. After processing x, an invalid character will be encountered - and processing of the flags in the loop will be interrupted, so the entire input will be accepted as one whole argument, but the value of args_left has already been changed). The attached patch corrects this problem as follows: instead of changing the value of args_left inside the loop, the value changes after it depending on the command, and also transferred changes to the values of flags responsible for a specific argument (for example, user_needed) -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org