From: Joe Schaefer
To: apreq-dev@httpd.apache.org
Subject: Re: Bugreport: Segmentation fault when using wrong percent escapes
Date: 11 Dec 2003 11:16:06 -0500
References: <20031211113009.GB12359@duempel.org>

Max Kellermann writes:

> Hi,
>
> I found a bug in apreq2 v2.02-dev (which is still in CVS HEAD): when
> you decode a query string which uses an invalid percent escape
> (e.g. "test=foo%d"), apreq segfaults in function apr_table_addn.
>
> This is because apreq_decode_param leaves param->v.name with a NULL
> value when it finds an invalid sequence. It also sets param->v.status
> to APR_BADARG. Calling function apreq_parse_query_string does not
> check param->v.status and tries to call apr_table_addn with NULL key.

Thanks! I just applied a minor variant of your patch.

--
Joe Schaefer
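The failure mode in the report above, as an added C example that is not apreq's code or part of the original post: a percent decoder that returns an error status and leaves the output NULL on a truncated or non-hex escape (the "%d" in "test=foo%d"), and a pair decoder that checks that status before the decoded name could ever reach a table-insert call. DEC_OK, DEC_BADARG and the function names are assumed stand-ins for APR_SUCCESS, APR_BADARG and the apreq routines named in the report.

```c
#include <stdlib.h>
#include <string.h>

/* Stand-ins for APR_SUCCESS / APR_BADARG (assumed, not the apr values). */
#define DEC_OK 0
#define DEC_BADARG 1

static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;                       /* fold A-F to a-f */
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Percent-decode src[0..len) into a freshly malloc'd string. On a
 * truncated or non-hex escape returns DEC_BADARG with *out == NULL,
 * the same shape as a NULL name plus a bad status in the report. */
int decode_escapes(const char *src, size_t len, char **out) {
    char *buf = malloc(len + 1), *d = buf;
    size_t i;
    *out = NULL;
    if (!buf) return DEC_BADARG;
    for (i = 0; i < len; i++) {
        if (src[i] == '%') {
            int hi, lo;
            /* "%d" at end of input: i + 2 >= len, so reject it */
            if (i + 2 >= len || (hi = hexval(src[i + 1])) < 0 ||
                (lo = hexval(src[i + 2])) < 0) {
                free(buf);
                return DEC_BADARG;
            }
            *d++ = (char)(hi << 4 | lo);
            i += 2;
        } else {
            *d++ = (src[i] == '+') ? ' ' : src[i];
        }
    }
    *d = '\0';
    *out = buf;
    return DEC_OK;
}

/* Decode one "name=value" pair. The caller must use the returned status,
 * never the name, to decide whether to insert: on DEC_BADARG both
 * outputs are NULL and nothing may be handed to a table-add routine. */
int decode_pair(const char *pair, size_t len, char **name, char **value) {
    const char *eq = memchr(pair, '=', len);
    size_t nlen = eq ? (size_t)(eq - pair) : len;
    *name = *value = NULL;
    if (decode_escapes(pair, nlen, name) != DEC_OK) return DEC_BADARG;
    if (decode_escapes(eq ? eq + 1 : pair + len,
                       eq ? len - nlen - 1 : 0, value) != DEC_OK) {
        free(*name); *name = NULL;   /* leave no half-decoded pair behind */
        return DEC_BADARG;
    }
    return DEC_OK;
}
```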