64404 – [mod_proxy_uwsgi] Fix a crash bug with h2 protocol

Bug 64404 - [mod_proxy_uwsgi] Fix a crash bug with h2 protocol

Summary: [mod_proxy_uwsgi] Fix a crash bug with h2 protocol

Status:	RESOLVED DUPLICATE of bug 64330

Alias:	None

Product:	Apache httpd-2
Classification:	Unclassified
Component:	mod_proxy (show other bugs)
Version:	2.4.43
Hardware:	PC FreeBSD

Importance:	P2 normal (vote)
Target Milestone:	---
Assignee:	Apache HTTPD Bugs Mailing List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2020-05-02 19:38 UTC by Norikatsu Shigemura
Modified:	2020-05-02 20:33 UTC (History)
CC List:	0 users

Attachments
patch for fix a crash bug (812 bytes, patch) 2020-05-02 19:38 UTC, Norikatsu Shigemura	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Norikatsu Shigemura 2020-05-02 19:38:03 UTC

Created attachment 37212 [details]
patch for fix a crash bug

I found a crash bug in mod_proxy_uwsgi.c with h2 protocol.

Accoding to core dump, a crash point was in following line#178 in mod_proxy_uwsgi.c:

>> headerlen += 2 + strlen(env[j].key) + 2 + strlen(env[j].val);

I confirmed value of env[j] like following:

(lldb) p env[j].key
(char *const) $4 = 0x00000008015d5e9f "H2_STREAM_ID"
(lldb) p env[j].val
(char *const) $3 = 0x0000000000000000 <no value available>

So I consider that env[j].val is nullable.
Please apply attached my patch.

Comment 1 Yann Ylavic 2020-05-02 20:33:11 UTC

Thanks, this was already reported (bug 64330) and fixed (r1876616).

*** This bug has been marked as a duplicate of bug 64330 ***