httpd-cvs mailing list archives

From traw...@apache.org
Subject svn commit: r939340 - in /httpd/mod_fcgid/trunk/modules/fcgid: fcgid_proc_unix.c fcgid_proc_win.c
Date Thu, 29 Apr 2010 15:14:51 GMT
Author: trawick
Date: Thu Apr 29 15:14:50 2010
New Revision: 939340

URL: http://svn.apache.org/viewvc?rev=939340&view=rev
Log:
Allocate enough array elements for APACHE_ARG_MAX arguments plus a 
terminating NULL pointer.

This solves a potential FUTURE buffer overflow.  Overflow can't occur
at present because a command-line with so many args would have been
truncated before reaching this point in processing.

PR: 49214
Submitted by: Martin Furter <mf apache.org>

Modified:
    httpd/mod_fcgid/trunk/modules/fcgid/fcgid_proc_unix.c
    httpd/mod_fcgid/trunk/modules/fcgid/fcgid_proc_win.c

Modified: httpd/mod_fcgid/trunk/modules/fcgid/fcgid_proc_unix.c
URL: http://svn.apache.org/viewvc/httpd/mod_fcgid/trunk/modules/fcgid/fcgid_proc_unix.c?rev=939340&r1=939339&r2=939340&view=diff
==============================================================================
--- httpd/mod_fcgid/trunk/modules/fcgid/fcgid_proc_unix.c (original)
+++ httpd/mod_fcgid/trunk/modules/fcgid/fcgid_proc_unix.c Thu Apr 29 15:14:50 2010
@@ -201,7 +201,7 @@ apr_status_t proc_spawn_process(const ch
     struct sockaddr_un unix_addr;
     apr_procattr_t *procattr = NULL;
     int argc;
-    const char *wargv[APACHE_ARG_MAX];
+    const char *wargv[APACHE_ARG_MAX + 1];
     const char *word; /* For wrapper */
     const char *tmp;
 
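Review bot: the declaration `const char *wargv[APACHE_ARG_MAX + 1];` in proc_spawn_process has no comment saying the extra element is reserved for the terminating NULL pointer, so a later reader can take the `+ 1` for a spare argument slot. A short comment such as `/* +1 for the terminating NULL */` would record the intent. The log message says overflow is avoided today only because the command line is truncated before this point; the code that fills wargv is not part of this hunk, so please confirm that it stops at APACHE_ARG_MAX entries on its own rather than depending on that earlier truncation.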

Modified: httpd/mod_fcgid/trunk/modules/fcgid/fcgid_proc_win.c
URL: http://svn.apache.org/viewvc/httpd/mod_fcgid/trunk/modules/fcgid/fcgid_proc_win.c?rev=939340&r1=939339&r2=939340&view=diff
==============================================================================
--- httpd/mod_fcgid/trunk/modules/fcgid/fcgid_proc_win.c (original)
+++ httpd/mod_fcgid/trunk/modules/fcgid/fcgid_proc_win.c Thu Apr 29 15:14:50 2010
@@ -70,7 +70,7 @@ apr_status_t proc_spawn_process(const ch
     char **proc_environ;
     char sock_path[_POSIX_PATH_MAX];
     int argc;
-    char *wargv[APACHE_ARG_MAX], *word; /* For wrapper */
+    char *wargv[APACHE_ARG_MAX + 1], *word; /* For wrapper */
     const char *tmp;
 
     /* Build wrapper args */
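Review bot: in fcgid_proc_win.c the line `char *wargv[APACHE_ARG_MAX + 1], *word;` declares the array and a plain pointer in one statement, and it uses `char *` where fcgid_proc_unix.c uses `const char *` for the same array. Splitting this into two declarations would make the array sizing easier to spot in review. The `+ 1` convention is now repeated in both files, so a comment at each site or a single shared macro for the array length would keep the two from drifting apart.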


