apache2/apache2-mod_proxy_uwsgi-fix-crash.patch

Index: httpd-2.4.46/modules/proxy/mod_proxy_uwsgi.c
===================================================================
--- httpd-2.4.46.orig/modules/proxy/mod_proxy_uwsgi.c	2020-07-24 11:35:25.000000000 +0200
+++ httpd-2.4.46/modules/proxy/mod_proxy_uwsgi.c	2020-11-10 16:38:14.507125446 +0100
@@ -175,7 +175,7 @@ static int uwsgi_send_headers(request_re
     env = (apr_table_entry_t *) env_table->elts;
 
     for (j = 0; j < env_table->nelts; ++j) {
-        headerlen += 2 + strlen(env[j].key) + 2 + strlen(env[j].val);
+        headerlen += 2 + strlen(env[j].key) + 2 + (env[j].val ? strlen(env[j].val) : 0);
     }
 
     pktsize = headerlen - 4;
@@ -198,10 +198,12 @@ static int uwsgi_send_headers(request_re
         memcpy(ptr, env[j].key, keylen);
         ptr += keylen;
 
-        vallen = strlen(env[j].val);
+        vallen = env[j].val ? strlen(env[j].val) : 0;
         *ptr++ = (apr_byte_t) (vallen & 0xff);
         *ptr++ = (apr_byte_t) ((vallen >> 8) & 0xff);
-        memcpy(ptr, env[j].val, vallen);
+        if (env[j].val) {
+            memcpy(ptr, env[j].val, vallen);
+        }
         ptr += vallen;
     }
- version update to 2.4.46 Changes with Apache 2.4.46 ) mod_proxy_fcgi: Fix build warnings for Windows platform [Eric Covener, Christophe Jaillet] Changes with Apache 2.4.45 ) mod_http2: remove support for abandoned http-wg draft <https://datatracker.ietf.org/doc/draft-kazuho-h2-cache-digest/>. [Stefan Eissing] Changes with Apache 2.4.44 ) mod_proxy_uwsgi: Error out on HTTP header larger than 16K (hard protocol limit). [Yann Ylavic] ) mod_http2: Fixes <https://github.com/icing/mod_h2/issues/200>: "LimitRequestFields 0" now disables the limit, as documented. Fixes <https://github.com/icing/mod_h2/issues/201>: Do not count repeated headers with same name against the field count limit. The are merged internally, as if sent in a single HTTP/1 line. [Stefan Eissing] ) mod_http2: Avoid segfaults in case of handling certain responses for already aborted connections. [Stefan Eissing, Ruediger Pluem] ) mod_http2: The module now handles master/secondary connections and has marked methods according to use. [Stefan Eissing] ) core: Drop an invalid Last-Modified header value coming from a FCGI/CGI script instead of replacing it with Unix epoch. [Yann Ylavic, Luca Toscano] ) Add support for strict content-length parsing through addition of ap_parse_strict_length() [Yann Ylavic] ) mod_proxy_fcgi: ProxyFCGISetEnvIf unsets variables when expression evaluates to false. PR64365. [Michael König <mail ikoenig.net>] ) mod_proxy_http: flush spooled request body in one go to avoid OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=610 2020-08-07 12:32:10 +00:00			`Index: httpd-2.4.46/modules/proxy/mod_proxy_uwsgi.c`
			`===================================================================`
			`--- httpd-2.4.46.orig/modules/proxy/mod_proxy_uwsgi.c 2020-07-24 11:35:25.000000000 +0200`
- package reworked trough [bsc#1178478] - modified patches % apache2-mod_proxy_uwsgi-fix-crash.patch (refreshed) - modified sources % apache2-loadmodule.conf % apache2-manual.conf % apache2-script-helpers % apache2@.service % sysconfig.apache2 - deleted patches - deprecated-scripts-arch.patch (not needed) - httpd-2.0.54-envvars.dif (not needed) - httpd-2.1.3alpha-layout.dif (renamed to apache2-system-dirs-layout.patch) - httpd-2.2.0-apxs-a2enmod.dif (not needed) - httpd-2.4.9-bnc690734.patch (renamed to apache2-LimitRequestFieldSize-limits-headers.patch) - httpd-2.4.x-fate317766-config-control-two-protocol-options.diff (renamed to apache2-HttpContentLengthHeadZero-HttpExpectStrict.patch) - httpd-2.x.x-logresolve.patch (renamed to apache2-logresolve-tmp-security.patch) - httpd-apachectl.patch (renamed to apache2-apachectl.patch) - httpd-implicit-pointer-decl.patch (not needed) - httpd-visibility.patch (not needed) - deleted sources - SUSE-NOTICE (outdated) - a2enflag (renamed to apache2-a2enflag) - a2enmod (renamed to apache2-a2enmod) - apache-22-24-upgrade (outdated) OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=624 2020-11-26 13:18:20 +00:00			`+++ httpd-2.4.46/modules/proxy/mod_proxy_uwsgi.c 2020-11-10 16:38:14.507125446 +0100`
- fix crash in mod_proxy_uwsgi for empty values of environment variables - added patches fix https://svn.apache.org/viewvc?view=revision + apache2-mod_proxy_uwsgi-fix-crash.patch OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=607 2020-07-15 09:19:00 +00:00			`@@ -175,7 +175,7 @@ static int uwsgi_send_headers(request_re`
			`env = (apr_table_entry_t *) env_table->elts;`

			`for (j = 0; j < env_table->nelts; ++j) {`
			`- headerlen += 2 + strlen(env[j].key) + 2 + strlen(env[j].val);`
			`+ headerlen += 2 + strlen(env[j].key) + 2 + (env[j].val ? strlen(env[j].val) : 0);`
			`}`

- version update to 2.4.46 Changes with Apache 2.4.46 ) mod_proxy_fcgi: Fix build warnings for Windows platform [Eric Covener, Christophe Jaillet] Changes with Apache 2.4.45 ) mod_http2: remove support for abandoned http-wg draft <https://datatracker.ietf.org/doc/draft-kazuho-h2-cache-digest/>. [Stefan Eissing] Changes with Apache 2.4.44 ) mod_proxy_uwsgi: Error out on HTTP header larger than 16K (hard protocol limit). [Yann Ylavic] ) mod_http2: Fixes <https://github.com/icing/mod_h2/issues/200>: "LimitRequestFields 0" now disables the limit, as documented. Fixes <https://github.com/icing/mod_h2/issues/201>: Do not count repeated headers with same name against the field count limit. The are merged internally, as if sent in a single HTTP/1 line. [Stefan Eissing] ) mod_http2: Avoid segfaults in case of handling certain responses for already aborted connections. [Stefan Eissing, Ruediger Pluem] ) mod_http2: The module now handles master/secondary connections and has marked methods according to use. [Stefan Eissing] ) core: Drop an invalid Last-Modified header value coming from a FCGI/CGI script instead of replacing it with Unix epoch. [Yann Ylavic, Luca Toscano] ) Add support for strict content-length parsing through addition of ap_parse_strict_length() [Yann Ylavic] ) mod_proxy_fcgi: ProxyFCGISetEnvIf unsets variables when expression evaluates to false. PR64365. [Michael König <mail ikoenig.net>] ) mod_proxy_http: flush spooled request body in one go to avoid OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=610 2020-08-07 12:32:10 +00:00			`pktsize = headerlen - 4;`
			`@@ -198,10 +198,12 @@ static int uwsgi_send_headers(request_re`
- fix crash in mod_proxy_uwsgi for empty values of environment variables - added patches fix https://svn.apache.org/viewvc?view=revision + apache2-mod_proxy_uwsgi-fix-crash.patch OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=607 2020-07-15 09:19:00 +00:00			`memcpy(ptr, env[j].key, keylen);`
			`ptr += keylen;`

			`- vallen = strlen(env[j].val);`
			`+ vallen = env[j].val ? strlen(env[j].val) : 0;`
			`*ptr++ = (apr_byte_t) (vallen & 0xff);`
			`*ptr++ = (apr_byte_t) ((vallen >> 8) & 0xff);`
			`- memcpy(ptr, env[j].val, vallen);`
			`+ if (env[j].val) {`
			`+ memcpy(ptr, env[j].val, vallen);`
			`+ }`
			`ptr += vallen;`
			`}`