Bug #1647
closed
cgi_env_add does not terminate the env list with null
Description
mod_cgi calls execve, which takes a pointer to the environment of the form char* envp[]. The last of those pointers should be null, and every string should be zero terminated.
The function cgi_env_add does not guarantee that the last env pointer will be null. I pasted the corrected code. This code makes sure there's an extra pointer at the end, and after adding the new environment and increasing the count adds a 0 in the last one.
    int cgi_env_add(char_array *env, const char *key, size_t key_len, const char *val, size_t val_len) {
        char *dst;

        if (!key || !val) return -1;

        dst = (char*)malloc(key_len + val_len + 3);
        memcpy(dst, key, key_len);
        dst[key_len] = '=';
        /* add the \0 from the value */
        memcpy(dst + key_len + 1, val, val_len + 1);

        if (env->size == 0) {
            env->size = 16;
            env->ptr = (char**)malloc(env->size * sizeof(*env->ptr));
        } else if (env->size == (env->used+1)) { /* changed line: keep one slot free for the terminator */
            env->size += 16;
            env->ptr = (char**)realloc(env->ptr, env->size * sizeof(*env->ptr));
        }

        env->ptr[env->used++] = dst;
        env->ptr[env->used] = 0; /* changed line: null-terminate the list */

        return 0;
    }
-- mibrahim
Updated by stbuehler over 16 years ago
- Status changed from New to Fixed
- Resolution set to invalid
Perhaps you should have read where cgi_env_add is used - the environment is fixed before it is used.
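The two positions in this thread differ only in when the terminating null is written. The sketch below is an added example, not lighttpd's code: `env_list`, `env_add`, `env_finalize` and `demo_count` are hypothetical names, and it shows terminating the list once before use, including the case where the array is exactly full and has no spare slot for the null.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable list, modelled on the report's char_array. */
typedef struct { char **ptr; size_t size, used; } env_list;

/* Append "key=val" without terminating the list. */
static int env_add(env_list *env, const char *key, const char *val) {
    size_t klen = strlen(key), vlen = strlen(val);
    char *dst;
    if (env->used == env->size) {              /* full: grow by 16 slots */
        char **p = realloc(env->ptr, (env->size + 16) * sizeof(*p));
        if (!p) return -1;
        env->ptr = p;
        env->size += 16;
    }
    if (!(dst = malloc(klen + vlen + 2))) return -1;  /* '=' and '\0' */
    memcpy(dst, key, klen);
    dst[klen] = '=';
    memcpy(dst + klen + 1, val, vlen + 1);     /* copies the '\0' too */
    env->ptr[env->used++] = dst;
    return 0;
}

/* Terminate once, right before the array would go to execve(). */
static char **env_finalize(env_list *env) {
    if (env->used == env->size) {              /* no spare slot for NULL */
        char **p = realloc(env->ptr, (env->size + 1) * sizeof(*p));
        if (!p) return NULL;
        env->ptr = p;
        env->size += 1;
    }
    env->ptr[env->used] = NULL;
    return env->ptr;
}

/* Build n constructed entries, finalize, count up to NULL as execve() does. */
size_t demo_count(size_t n) {
    env_list env = {0};
    size_t i, seen = 0;
    for (i = 0; i < n; i++)
        if (env_add(&env, "KEY", "value") != 0) return (size_t)-1;
    if (!env_finalize(&env)) return (size_t)-1;
    while (env.ptr[seen]) seen++;
    for (i = 0; i < env.used; i++) free(env.ptr[i]);
    free(env.ptr);
    return seen;
}
```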