[Bug 64723] New: Three Null Pointer Dereference Bugs

Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=64723

            Bug ID: 64723
           Summary: Three Null Pointer Dereference Bugs
           Product: Apache httpd-2
           Version: 2.4-HEAD
          Hardware: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_dav
          Assignee: [hidden email]
          Reporter: [hidden email]
  Target Milestone: ---

Hi guys,

We have found three NULL Pointer Dereference Bugs as follows.

1. Bug description: `dav_buffer_append` dereferences `str` at line 155 in
`modules/dav/main/util.c`, while `str` is potentially an empty string

Root cause: `*fname_p = NULL` in the function `dav_fs_dir_file_name` defined in
`modules/dav/fs/repos.c`


2. Bug description: `dav_fs_insert_prop` dereferences `info` at line 2000 and
line 2004 in the form `info->name`, while `*info` can be null.

Root cause: Although it is claimed that info is not equal to NULL in the
annotation, we check the feasibility of the control flow path and find that
`modules/dav/main/liveprop.c` can set `*info = NULL` at line 127 in
`dav_get_liveprop_info` defined in `modules/dav/main/liveprop.c`

According to CWE 476, there are several problems with leaving the code with
null references. An attacker can take advantage of the opportunity to introduce
malicious code. In this case, we are not sure of the behavior of the compiler
when faced with a null reference.


Best regards

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]
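
The pattern described in item 2 of the report above, as an added example that is not part of the original thread and is not httpd code: a lookup that stores NULL through an out-parameter on a miss, with an unchecked and a checked caller. All names (`prop_info`, `lookup_prop`, `name_len_unchecked`, `name_len_checked`) and the table contents are hypothetical, constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a property descriptor (constructed sample data). */
struct prop_info { int propid; const char *name; };

static const struct prop_info known_props[] = {
    { 1, "creationdate" },
    { 2, "getcontentlength" },
    { 0, NULL }                       /* table terminator */
};

/* Lookup with an out-parameter: on a miss it stores NULL in *info, returns -1. */
int lookup_prop(int propid, const struct prop_info **info)
{
    for (const struct prop_info *p = known_props; p->name != NULL; p++) {
        if (p->propid == propid) { *info = p; return 0; }
    }
    *info = NULL;
    return -1;
}

/* Unchecked caller: correct only while every propid it receives is registered.
 * With an unregistered id, info is NULL and info->name is a NULL dereference. */
size_t name_len_unchecked(int propid)
{
    const struct prop_info *info;
    lookup_prop(propid, &info);
    return strlen(info->name);
}

/* Checked caller: the miss becomes an error return instead of a crash. */
int name_len_checked(int propid, size_t *len)
{
    const struct prop_info *info = NULL;
    if (lookup_prop(propid, &info) != 0 || info == NULL)
        return -1;
    *len = strlen(info->name);
    return 0;
}

int main(void)
{
    size_t len = 0;
    printf("known id 2:    rc=%d len=%zu\n", name_len_checked(2, &len), len);
    printf("unknown id 99: rc=%d\n", name_len_checked(99, &len));
    return 0;
}
```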

[Bug 64723] Three Null Pointer Dereference Bugs

Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=64723

Joe Orton <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |INVALID
             Status|NEW                         |RESOLVED
                 OS|                            |All

--- Comment #1 from Joe Orton <[hidden email]> ---
Static analyzer output is not a bug.  Please try to turn these into
reproducible bugs, and report reliable reproduction recipes, otherwise do not
put this stuff in Bugzilla.  If you want to report static analyzer output to
dev@ that may be of general interest.

[Bug 64723] Three Null Pointer Dereference Bugs

Bugzilla from bugzilla@apache.org
In reply to this post by Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=64723

--- Comment #2 from Bingyu Shen <[hidden email]> ---
*** Bug 64725 has been marked as a duplicate of this bug. ***
