httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Evgeny Kotkov <evgeny.kot...@visualsvn.com>
Subject [PATCH] mod_proxy_http2: fix theoretically possible segfault when parsing URL
Date Thu, 12 May 2016 14:33:23 GMT
This patch fixes a theoretically possible segfault in mod_proxy_http2.

Please see the open_stream() function in h2_proxy_session.c:598.  If the
call to apr_uri_parse() fails, some of the apr_uri_t's fields may be set
to NULL, and this would cause a segfault in the following lines:

    authority = puri.hostname;
    if (!ap_strchr_c(authority, ':') && puri.port
    ...

Currently, the URIs are preprocessed by ap_proxy_canon_netloc() much earlier
than opening the proxy stream, but this may not hold in the future.  As well
as that, I think that there might be subtle differences between how these two
functions handle invalid URIs, and that could also result in the crash.

I attached the patch with a fix for this issue.

While here, I also spotted an opportunity for a minor code cleanup.  There
are a couple of places where a function returns an apr_status_t, but the
calling site tests the result against the OK (hook return code).  I updated
such places in the second patch.


Regards,
Evgeny Kotkov

Mime
View raw message