apr-commits mailing list archives

From jerenkra...@apache.org
Subject cvs commit: apr/memory/unix apr_pools.c
Date Wed, 28 May 2003 04:39:42 GMT
jerenkrantz    2003/05/27 21:39:42

  Modified:    .        CHANGES
               test     teststr.c
               memory/unix apr_pools.c
  Log:
  Fixed a bug that could be triggered remotely through mod_dav and possibly other
  mechanisms, causing an Apache child process to crash.  The crash was first
  reported by David Endler <DEndler@iDefense.com> and was researched and fixed by
  Joe Orton <jorton@redhat.com>.  Details will be released on 30 May 2003.
  
  CVE: CAN-2003-0245
  Reported by: David Endler <DEndler@iDefense.com>
  Submitted by:	Joe Orton <jorton@redhat.com>
  Reviewed by:	Justin, Jim, Jeff
  
  Revision  Changes    Path
  1.409     +6 -2      apr/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/apr/CHANGES,v
  retrieving revision 1.408
  retrieving revision 1.409
  diff -u -u -r1.408 -r1.409
  --- CHANGES	24 May 2003 10:30:40 -0000	1.408
  +++ CHANGES	28 May 2003 04:39:41 -0000	1.409
  @@ -1,7 +1,11 @@
   Changes with APR 0.9.4
   
  -  *) Added flag APR_FILE_ATTR_HIDDEN for manipulating the "hidden"
  -     file attribute on Windows and OS/2.  [Branko Cibej]
  +  *) SECURITY [CAN-2003-0245]: Fixed a bug that could be triggered
  +     remotely through mod_dav and possibly other mechanisms, causing
  +     an Apache child process to crash.  The crash was first reported
  +     by David Endler <DEndler@iDefense.com> and was researched and
  +     fixed by Joe Orton <jorton@redhat.com>.  Details will be released
  +     on 30 May 2003.
   
     *) apr_proc_wait(): Handle interrupted waitpid(2) calls by calling
        it repeatedly until it succeeds or fails with errno other than
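
Review bot: the two removed lines at the top of this hunk delete the APR_FILE_ATTR_HIDDEN entry for 0.9.4, and the log message says nothing about dropping it. If the removal is intentional, say so in the log; if not, keep that entry and add the SECURITY [CAN-2003-0245] item above it so the hunk is purely additive.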
  
  
  
  1.16      +12 -0     apr/test/teststr.c
  
  Index: teststr.c
  ===================================================================
  RCS file: /home/cvs/apr/test/teststr.c,v
  retrieving revision 1.15
  retrieving revision 1.16
  diff -u -u -r1.15 -r1.16
  --- teststr.c	16 Apr 2003 01:26:14 -0000	1.15
  +++ teststr.c	28 May 2003 04:39:42 -0000	1.16
  @@ -195,6 +195,17 @@
        CuAssertStrEquals(tc, "The timeout specified has expired", buf);
   }
   
  +#define SIZE 180000
  +static void string_long(CuTest *tc)
  +{
  +    char s[SIZE + 1];
  +
  +    memset(s, 'A', SIZE);
  +    s[SIZE] = '\0';
  +
  +    apr_psprintf(p, "%s", s);
  +}
  +
   CuSuite *teststr(void)
   {
       CuSuite *suite = CuSuiteNew("Strings");
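
Review bot: string_long() asserts nothing, so it only fails if `apr_psprintf(p, "%s", s)` crashes outright; the return value is discarded. Capture the result and check it, for example with CuAssertIntEquals on its strlen against SIZE or CuAssertStrEquals against `s`, so that a truncated or corrupted result is also caught. A short comment tying the test to CAN-2003-0245 would explain why 180000 was chosen, and `SIZE` is a generic macro name to leave defined for the rest of the file; something like STRING_LONG_SIZE, or an #undef after the function, avoids collisions. Note also that `char s[SIZE + 1]` puts about 180 KB on the stack, which a static buffer would avoid.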
  @@ -205,6 +216,7 @@
       SUITE_ADD_TEST(suite, snprintf_int64);
       SUITE_ADD_TEST(suite, test_strtok);
       SUITE_ADD_TEST(suite, string_error);
  +    SUITE_ADD_TEST(suite, string_long);
   
       return suite;
   }
  
  
  
  1.196     +1 -1      apr/memory/unix/apr_pools.c
  
  Index: apr_pools.c
  ===================================================================
  RCS file: /home/cvs/apr/memory/unix/apr_pools.c,v
  retrieving revision 1.195
  retrieving revision 1.196
  diff -u -u -r1.195 -r1.196
  --- apr_pools.c	7 Mar 2003 12:12:43 -0000	1.195
  +++ apr_pools.c	28 May 2003 04:39:42 -0000	1.196
  @@ -976,7 +976,7 @@
   
           if (ps->got_a_new_node) {
               active->next = ps->free;
  -            ps->free = node;
  +            ps->free = active;
           }
   
           ps->got_a_new_node = 1;
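
Review bot: the corrected assignment `ps->free = active;` carries no comment, and the bug it fixes differed by a single identifier that compiled cleanly. The line above, `active->next = ps->free;`, links `active` in front of the current free list, so the head has to become `active`; a one-line comment stating that `active` is the node being pushed here would make the invariant visible and guard against the same slip in a later edit.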
  
  
  
