httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 45116] New: fail to check return value of apr_file_dup2() in /server/log.c
Date Mon, 02 Jun 2008 21:21:36 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=45116

           Summary: fail to check return value of apr_file_dup2() in
                    /server/log.c
           Product: Apache httpd-2
           Version: 2.2.8
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Core
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: rxc92@case.edu


BUG#1
File Name: /scrlib/apr/threadproc/unix/proc.c
Correct Code: 
Function Nam: apr_procattr_child_out_set()

   129: APR_DECLARE(apr_status_t) apr_procattr_child_out_set(…)
   142:         rv = apr_file_dup2(attr->parent_out, parent_out, attr->pool);
   144:     return rv;
   145: }

Function Nam: apr_procattr_child_err_set()

   148: APR_DECLARE(apr_status_t) apr_procattr_child_err_set(…) 
   160:     if (parent_err != NULL && rv == APR_SUCCESS)
   161:         rv = apr_file_dup2(attr->parent_err, parent_err, attr->pool);
   163:     return rv;
   164: }

File Name: /server/log.c
Function Nam: log_child()
Buggy Code: 

 297:   rc = apr_procattr_child_out_set(procattr, outfile, NULL);
 298:   if (dummy_stderr)
 299:       rc = apr_procattr_child_err_set(procattr, outfile, NULL);
 300:   else if ((rc = apr_file_open_stderr(&errfile, p)) == APR_SUCCESS)
 301:       rc = apr_procattr_child_err_set(procattr, errfile, NULL);
 302: }

        //// if (rc!=APR_SUCCESS) is missed here

 304: rc = apr_proc_create(procnew, pname, (const char * const *)args,
 305:                      NULL, procattr, p);


Description: An error occurs if apr_file_dup2() outputs “!APR_SUCCESS”. The
function apr_procattr_child_out_set() and apr_procattr_child_err_set() return
the value outputted by apr_file_dup2() directly. Thus, an error occurs also if
apr_procattr_child_out_set() or apr_procattr_child_err_set() returns
“!APR_SUCCESS”. However, the outputs of apr_procattr_child_out_set() and
apr_procattr_child_err_set() are not checked in the above code. 

=====================================================================



BUG#2
Category: 1 (99)
File Name: /scrlib/apr/threadproc/unix/proc.c
Correct Code: 
Function Nam: apr_procattr_child_out_set()

   129: APR_DECLARE(apr_status_t) apr_procattr_child_out_set(…)
   142:         rv = apr_file_dup2(attr->parent_out, parent_out, attr->pool);
   144:     return rv;
   145: }

Function Nam: apr_procattr_child_err_set()

   148: APR_DECLARE(apr_status_t) apr_procattr_child_err_set(…) 
   160:     if (parent_err != NULL && rv == APR_SUCCESS)
   161:         rv = apr_file_dup2(attr->parent_err, parent_err, attr->pool);
   163:     return rv;
   164: }

File Name: /server/log.c
Function Nam: piped_log_spawn()
Buggy Code: 

   906:     if ((status = apr_file_open_stdout(&outfile, pl->p)) ==
APR_SUCCESS)
   907:         status = apr_procattr_child_out_set(procattr, outfile, NULL);
   908:     if ((status = apr_file_open_stderr(&errfile, pl->p)) ==
APR_SUCCESS)
   909:         status = apr_procattr_child_err_set(procattr, errfile, NULL);


Description: An error occurs if apr_file_dup2() outputs “!APR_SUCCESS”. The
function apr_procattr_child_out_set() and apr_procattr_child_err_set() return
the value outputted by apr_file_dup2() directly. Thus, an error occurs also if
apr_procattr_child_out_set() or apr_procattr_child_err_set() returns
“!APR_SUCCESS”. However, the outputs of apr_procattr_child_out_set() and
apr_procattr_child_err_set() are not checked in the above code. 

=====================================================================


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message