66136 – Lacking a check for the return of apr_sockaddr_info_get() in listen.c

Bug 66136 - Lacking a check for the return of apr_sockaddr_info_get() in listen.c

Summary: Lacking a check for the return of apr_sockaddr_info_get() in listen.c

Status:	RESOLVED FIXED

Alias:	None

Product:	Apache httpd-2
Classification:	Unclassified
Component:	Core (show other bugs)
Version:	2.5-HEAD
Hardware:	PC All

Importance:	P2 normal (vote)
Target Milestone:	---
Assignee:	Apache HTTPD Bugs Mailing List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2022-06-22 11:08 UTC by Xiaoke Wang
Modified:	2022-06-28 13:07 UTC (History)
CC List:	0 users

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Xiaoke Wang 2022-06-22 11:08:58 UTC

Missing a check for the return value of apr_sockaddr_info_get() in https://github.com/apache/httpd/blob/a296776a6a5ba8fe1f91de181ca6ce6293b71a52/server/listen.c#L884, which may further result in wrong memory access if resolving the address info fails.

Therefore, it is better to get the return value of apr_sockaddr_info_get() and check whether it is APR_SUCCESS.

This bug is at least from 2.4.51 in httpd-2.4.51/server/listen.c:689:13.

Comment 1 Giovanni Bechis 2022-06-28 13:07:50 UTC

Fixed in r1902318.
Thanks