Merge r1866760 from ^/httpd/apreq/trunk:
author Joe Orton <jorton@apache.org>
Mon, 30 Sep 2019 09:50:44 +0000 (09:50 +0000)
committer Joe Orton <jorton@apache.org>
Mon, 30 Sep 2019 09:50:44 +0000 (09:50 +0000)
parser_multipart: fix NULL pointer dereference in nested multipart

create_multipart_context() can return NULL if the given Content-Type
was not recognized (if there is no "boundary" attribute).  This
crashes libapreq2.

This bug was introduced by SVN commit 227276.  Prior to this commit,
there was a NULL check, but the commit removed it:

 http://svn.apache.org/viewvc/httpd/apreq/trunk/library/parser_multipart.c?r1=227276&r2=227275&pathrev=227276

Submitted by: max

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1867761 13f79535-47bb-0310-9956-ffa450edef68

server/apreq_parser_multipart.c

index 60b5bad..4242b7e 100644 (file)
@@ -410,6 +410,10 @@ APREQ_DECLARE_PARSER(apreq_parse_multipart)
                                                     parser->brigade_limit,
                                                     parser->temp_dir,
                                                     ctx->level + 1);
+                if (next_ctx == NULL) {
+                    ctx->status = MFD_ERROR;
+                    goto mfd_parse_brigade;
+                }
 
                 next_ctx->param_name = "";
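
Review bot: the error branch added just before `next_ctx->param_name = "";` sets only the generic `ctx->status = MFD_ERROR` and carries no comment, so a reader of this function cannot tell that a NULL `next_ctx` means the nested part's Content-Type was not recognized (no "boundary" attribute), which is what the commit message gives as the cause. Suggest a one-line comment above `if (next_ctx == NULL) {` saying so. The `mfd_parse_brigade` label lies outside this hunk, so please confirm that jumping there with `MFD_ERROR` set makes the parser return the error and does not reach any later use of `next_ctx`. A regression test that feeds a nested multipart part whose Content-Type has no boundary would keep this check from being dropped again, as the commit message says happened once before.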