apr-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From yla...@apache.org
Subject svn commit: r1733678 - in /apr/apr-util/branches/1.5.x: ./ CHANGES memcache/apr_memcache.c
Date Sat, 05 Mar 2016 00:02:26 GMT
Author: ylavic
Date: Sat Mar  5 00:02:25 2016
New Revision: 1733678

URL: http://svn.apache.org/viewvc?rev=1733678&view=rev
Log:
apr_memcache: merge r1711657 from trunk.
Abort connections and error out on unexpected value, length or type
returned by the memcache server for multigetp.

Reported/Proposed by: Jeffrey Crowell <jcrowell google.com>
Adapted/Committed/Backported by: ylavic

Modified:
    apr/apr-util/branches/1.5.x/   (props changed)
    apr/apr-util/branches/1.5.x/CHANGES
    apr/apr-util/branches/1.5.x/memcache/apr_memcache.c

Propchange: apr/apr-util/branches/1.5.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Mar  5 00:02:25 2016
@@ -1,4 +1,4 @@
-/apr/apr/trunk:781403,781409,784519,784592,789965,794508,917837-917838,982408-982409,998533,1086937,1127053,1127648,1128838,1129433,1133587,1207704,1210524,1211987,1214516,1308087,1308131,1308318,1327636,1340286,1346865,1357761,1357772,1357780,1357966,1357968,1357979,1358295,1358480,1361811,1362241,1362248,1362252,1362255,1363076,1369681,1370626,1371811,1371817,1371919,1371923,1382174,1389154,1389169,1390461,1390477,1402870,1402897,1402903,1402907,1406088,1422413,1425356,1426442,1426448,1438960,1449308,1449314,1460185,1460243-1460244,1462219,1462224,1484271,1493715,1495887,1495889,1496407,1516261,1523479,1529554,1531009,1541054,1543399,1544846,1618843,1619438,1625247,1626561,1648830,1722547,1728958,1728963
+/apr/apr/trunk:781403,781409,784519,784592,789965,794508,917837-917838,982408-982409,998533,1086937,1127053,1127648,1128838,1129433,1133587,1207704,1210524,1211987,1214516,1308087,1308131,1308318,1327636,1340286,1346865,1357761,1357772,1357780,1357966,1357968,1357979,1358295,1358480,1361811,1362241,1362248,1362252,1362255,1363076,1369681,1370626,1371811,1371817,1371919,1371923,1382174,1389154,1389169,1390461,1390477,1402870,1402897,1402903,1402907,1406088,1422413,1425356,1426442,1426448,1438960,1449308,1449314,1460185,1460243-1460244,1462219,1462224,1484271,1493715,1495887,1495889,1496407,1516261,1523479,1529554,1531009,1541054,1543399,1544846,1618843,1619438,1625247,1626561,1648830,1711657,1722547,1728958,1728963
 /apr/apr-util/branches/1.3.x:896410,1154885
 /apr/apr-util/branches/1.4.x:1126217,1211211,1211219,1211223,1211330
 /apr/apr-util/trunk:731033-731034,731225,731236,731291,731293,731379,743986,744009,745771,747612,747623,747630,1626561

Modified: apr/apr-util/branches/1.5.x/CHANGES
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.5.x/CHANGES?rev=1733678&r1=1733677&r2=1733678&view=diff
==============================================================================
--- apr/apr-util/branches/1.5.x/CHANGES [utf-8] (original)
+++ apr/apr-util/branches/1.5.x/CHANGES [utf-8] Sat Mar  5 00:02:25 2016
@@ -1,6 +1,10 @@
                                                      -*- coding: utf-8 -*-
 Changes with APR-util 1.5.5
 
+  *) apr_memcache: Abort connections and error out on unexpected value,
+     length or type returned by the memcache server for multigetp.
+     [Jeffrey Crowell <jcrowell google.com>, Yann Ylavic]
+
   *) apr_crypto_openssl: Add support for OpenSSL 1.1.0.
      [Rainer Jung]
 

Modified: apr/apr-util/branches/1.5.x/memcache/apr_memcache.c
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.5.x/memcache/apr_memcache.c?rev=1733678&r1=1733677&r2=1733678&view=diff
==============================================================================
--- apr/apr-util/branches/1.5.x/memcache/apr_memcache.c (original)
+++ apr/apr-util/branches/1.5.x/memcache/apr_memcache.c Sat Mar  5 00:02:25 2016
@@ -728,6 +728,26 @@ apr_memcache_replace(apr_memcache_t *mc,
 
 }
 
+/*
+ * Parses a decimal size from size_str, returning the value in *size.
+ * Returns 1 if parsing was successful, 0 if parsing failed.
+ */
+static int parse_size(const char *size_str, apr_size_t *size)
+{
+    char *endptr;
+    long size_as_long;
+
+    errno = 0;
+    size_as_long = strtol(size_str, &endptr, 10);
+    if ((size_as_long < 0) || (errno != 0) || (endptr == size_str) ||
+        (endptr[0] != ' ' && (endptr[0] != '\r' || endptr[1] != '\n'))) {
+        return 0;
+    }
+
+    *size = (unsigned long)size_as_long;
+    return 1;
+}
+
 APU_DECLARE(apr_status_t)
 apr_memcache_getp(apr_memcache_t *mc,
                   apr_pool_t *p,
@@ -796,13 +816,10 @@ apr_memcache_getp(apr_memcache_t *mc,
         }
 
         length = apr_strtok(NULL, " ", &last);
-        if (length) {
-            len = strtol(length, (char **)NULL, 10);
-        }
-
-        if (len == 0 )  {
-            *new_length = 0;
-            *baton = NULL;
+        if (!length || !parse_size(length, &len)) {
+            ms_bad_conn(ms, conn);
+            apr_memcache_disable_server(mc, ms);
+            return APR_EGENERAL;
         }
         else {
             apr_bucket_brigade *bbb;
@@ -810,7 +827,6 @@ apr_memcache_getp(apr_memcache_t *mc,
 
             /* eat the trailing \r\n */
             rv = apr_brigade_partition(conn->bb, len+2, &e);
-
             if (rv != APR_SUCCESS) {
                 ms_bad_conn(ms, conn);
                 apr_memcache_disable_server(mc, ms);
@@ -820,17 +836,14 @@ apr_memcache_getp(apr_memcache_t *mc,
             bbb = apr_brigade_split(conn->bb, e);
 
             rv = apr_brigade_pflatten(conn->bb, baton, &len, p);
-
             if (rv != APR_SUCCESS) {
                 ms_bad_conn(ms, conn);
-                apr_memcache_disable_server(mc, ms);
                 return rv;
             }
 
             rv = apr_brigade_destroy(conn->bb);
             if (rv != APR_SUCCESS) {
                 ms_bad_conn(ms, conn);
-                apr_memcache_disable_server(mc, ms);
                 return rv;
             }
 
@@ -848,14 +861,18 @@ apr_memcache_getp(apr_memcache_t *mc,
         }
 
         if (strncmp(MS_END, conn->buffer, MS_END_LEN) != 0) {
-            rv = APR_EGENERAL;
+            ms_bad_conn(ms, conn);
+            apr_memcache_disable_server(mc, ms);
+            return APR_EGENERAL;
         }
     }
     else if (strncmp(MS_END, conn->buffer, MS_END_LEN) == 0) {
         rv = APR_NOTFOUND;
     }
     else {
-        rv = APR_EGENERAL;
+        ms_bad_conn(ms, conn);
+        apr_memcache_disable_server(mc, ms);
+        return APR_EGENERAL;
     }
 
     ms_release_conn(ms, conn);
@@ -1358,74 +1375,68 @@ apr_memcache_multgetp(apr_memcache_t *mc
                char *last;
                char *data;
                apr_size_t len = 0;
+               apr_bucket *e = NULL;
 
                key = apr_strtok(conn->buffer, " ", &last); /* just the VALUE, ignore
*/
                key = apr_strtok(NULL, " ", &last);
                flags = apr_strtok(NULL, " ", &last);
-
-
                length = apr_strtok(NULL, " ", &last);
-               if (length) {
-                   len = strtol(length, (char **) NULL, 10);
+
+               if (!length || !parse_size(length, &len)) {
+                   rv = APR_EGENERAL;
+               }
+               else {
+                   /* eat the trailing \r\n */
+                   rv = apr_brigade_partition(conn->bb, len+2, &e);
+               }
+               if (rv != APR_SUCCESS) {
+                   apr_pollset_remove (pollset, &activefds[i]);
+                   mget_conn_result(TRUE, FALSE, rv, mc, ms, conn,
+                                    server_query, values, server_queries);
+                   queries_sent--;
+                   continue;
                }
 
                value = apr_hash_get(values, key, strlen(key));
-
-               
                if (value) {
-                   if (len != 0)  {
-                       apr_bucket_brigade *bbb;
-                       apr_bucket *e;
-                       
-                       /* eat the trailing \r\n */
-                       rv = apr_brigade_partition(conn->bb, len+2, &e);
-                       
-                       if (rv != APR_SUCCESS) {
-                           apr_pollset_remove (pollset, &activefds[i]);
-                           mget_conn_result(FALSE, FALSE, rv, mc, ms, conn,
-                                            server_query, values, server_queries);
-                           queries_sent--;
-                           continue;
-                       }
-                       
-                       bbb = apr_brigade_split(conn->bb, e);
-                       
-                       rv = apr_brigade_pflatten(conn->bb, &data, &len, data_pool);
-                       
-                       if (rv != APR_SUCCESS) {
-                           apr_pollset_remove (pollset, &activefds[i]);
-                           mget_conn_result(FALSE, FALSE, rv, mc, ms, conn,
-                                            server_query, values, server_queries);
-                           queries_sent--;
-                           continue;
-                       }
-                       
-                       rv = apr_brigade_destroy(conn->bb);
-                       if (rv != APR_SUCCESS) {
-                           apr_pollset_remove (pollset, &activefds[i]);
-                           mget_conn_result(FALSE, FALSE, rv, mc, ms, conn,
-                                            server_query, values, server_queries);
-                           queries_sent--;
-                           continue;
-                       }
-                       
-                       conn->bb = bbb;
-                       
-                       value->len = len - 2;
-                       data[value->len] = '\0';
-                       value->data = data;
+                   apr_bucket_brigade *bbb;
+
+                   bbb = apr_brigade_split(conn->bb, e);
+
+                   rv = apr_brigade_pflatten(conn->bb, &data, &len, data_pool);
+                   if (rv != APR_SUCCESS) {
+                       apr_pollset_remove (pollset, &activefds[i]);
+                       mget_conn_result(TRUE, FALSE, rv, mc, ms, conn,
+                                        server_query, values, server_queries);
+                       queries_sent--;
+                       continue;
+                   }
+
+                   rv = apr_brigade_destroy(conn->bb);
+                   if (rv != APR_SUCCESS) {
+                       apr_pollset_remove (pollset, &activefds[i]);
+                       mget_conn_result(TRUE, FALSE, rv, mc, ms, conn,
+                                        server_query, values, server_queries);
+                       queries_sent--;
+                       continue;
                    }
-                   
+
+                   conn->bb = bbb;
+
+                   value->len = len - 2;
+                   data[value->len] = '\0';
+                   value->data = data;
+
                    value->status = rv;
                    value->flags = atoi(flags);
-                   
+
                    /* stay on the server */
                    i--;
-                   
                }
                else {
-                   /* TODO: Server Sent back a key I didn't ask for or my
-                    *       hash is corrupt */
+                   /* Server Sent back a key I didn't ask for or my
+                    * hash is corrupt */
+                   rv = APR_EGENERAL;
                }
            }
            else if (strncmp(MS_END, conn->buffer, MS_END_LEN) == 0) {
@@ -1433,14 +1444,18 @@ apr_memcache_multgetp(apr_memcache_t *mc
                apr_pollset_remove (pollset, &activefds[i]);
                ms_release_conn(ms, conn);
                apr_hash_set(server_queries, &ms, sizeof(ms), NULL);
-               
                queries_sent--;
            }
            else {
                /* unknown reply? */
                rv = APR_EGENERAL;
            }
-           
+           if (rv != APR_SUCCESS) {
+               apr_pollset_remove (pollset, &activefds[i]);
+               mget_conn_result(TRUE, FALSE, rv, mc, ms, conn,
+                                server_query, values, server_queries);
+               queries_sent--;
+           }
         } /* /for */
     } /* /while */
     



Mime
View raw message