Patch from upstream to fix a NULL dereference, ok ?
Cheers
Giovanni
Index: Makefile
===================================================================
RCS file: /cvs/ports/www/apache-httpd/Makefile,v
retrieving revision 1.103
diff -u -p -r1.103 Makefile
--- Makefile 17 Apr 2020 16:26:32 -0000 1.103
+++ Makefile 17 Jul 2020 08:45:58 -0000
@@ -5,7 +5,7 @@ COMMENT= apache HTTP server
V= 2.4.43
DISTNAME= httpd-${V}
PKGNAME= apache-httpd-${V}
-REVISION= 0
+REVISION= 1
CATEGORIES= www net
Index: patches/patch-modules_proxy_mod_proxy_uwsgi_c
===================================================================
RCS file: patches/patch-modules_proxy_mod_proxy_uwsgi_c
diff -N patches/patch-modules_proxy_mod_proxy_uwsgi_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-modules_proxy_mod_proxy_uwsgi_c 17 Jul 2020 08:45:58 -0000
@@ -0,0 +1,32 @@
+$OpenBSD$
+
+Avoid NULL pointer dereferences for empty environment variable values
+PR 64598
+
+Index: modules/proxy/mod_proxy_uwsgi.c
+--- modules/proxy/mod_proxy_uwsgi.c.orig
++++ modules/proxy/mod_proxy_uwsgi.c
+@@ -175,7 +175,7 @@ static int uwsgi_send_headers(request_rec *r, proxy_co
+ env = (apr_table_entry_t *) env_table->elts;
+
+ for (j = 0; j < env_table->nelts; ++j) {
+- headerlen += 2 + strlen(env[j].key) + 2 + strlen(env[j].val);
++ headerlen += 2 + strlen(env[j].key) + 2 + (env[j].val ? strlen(env[j].val) : 0);
+ }
+
+ ptr = buf = apr_palloc(r->pool, headerlen);
+@@ -189,10 +189,12 @@ static int uwsgi_send_headers(request_rec *r, proxy_co
+ memcpy(ptr, env[j].key, keylen);
+ ptr += keylen;
+
+- vallen = strlen(env[j].val);
++ vallen = env[j].val ? strlen(env[j].val) : 0;
+ *ptr++ = (apr_byte_t) (vallen & 0xff);
+ *ptr++ = (apr_byte_t) ((vallen >> 8) & 0xff);
+- memcpy(ptr, env[j].val, vallen);
++ if (env[j].val) {
++ memcpy(ptr, env[j].val, vallen);
++ }
+ ptr += vallen;
+ }
+
