On 4/4/23 11:43 PM, gbec...@apache.org wrote:
> Author: gbechis
> Date: Tue Apr 4 21:43:46 2023
> New Revision: 1908972
>
> URL: http://svn.apache.org/viewvc?rev=1908972&view=rev
> Log:
> Fix a possible NULL pointer dereference of ap_runtime_dir_relative()
>
> ap_runtime_dir_relative() will return NULL on failure. However, cgid_init()
> does not check the return value of ap_runtime_dir_relative() and uses it
> directly.
>
> Fix this bug by adding a NULL check.
>
> Submitted by: Zhou Qingyang <zhou1...@umn.edu>
>
> Github: closes #304
>
> Modified:
> httpd/httpd/trunk/modules/generators/mod_cgid.c
>
> Modified: httpd/httpd/trunk/modules/generators/mod_cgid.c
> URL:
> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?rev=1908972&r1=1908971&r2=1908972&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/generators/mod_cgid.c (original)
> +++ httpd/httpd/trunk/modules/generators/mod_cgid.c Tue Apr 4 21:43:46 2023
> @@ -1059,6 +1059,8 @@ static int cgid_init(apr_pool_t *p, apr_
>
> parent_pid = getpid();
> tmp_sockname = ap_runtime_dir_relative(p, sockname);
> + if (!tmp_sockname)
> + return DECLINED;
I think we should log an error before we return as in this case the cgi daemon
will not start.
> if (strlen(tmp_sockname) > sizeof(server_addr->sun_path) - 1) {
> tmp_sockname[sizeof(server_addr->sun_path)] = '\0';
> ap_log_error(APLOG_MARK, APLOG_ERR, 0, main_server,
> APLOGNO(01254)
>
>
>
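Review bot: The added `if (!tmp_sockname)` branch returns DECLINED without leaving any trace in the error log, so nothing tells the administrator why initialisation stopped at this point. An `ap_log_error(APLOG_MARK, APLOG_ERR, 0, main_server, ...)` call before the return, in the same form as the one in the length check that follows, would make the failure visible. The new `if` also has no braces while the neighbouring `if (strlen(tmp_sockname) > ...) {` does, and it will need them anyway once the log call is added. Separately, in the unchanged context the truncation writes '\0' at index `sizeof(server_addr->sun_path)`, which leaves a string of `sizeof(server_addr->sun_path)` characters, one more than the `sizeof(server_addr->sun_path) - 1` limit tested on the line above it. That is worth a follow-up check while this code is being touched.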
Regards
Rüdiger