httpd-bugs mailing list archives

Subject DO NOT REPLY [Bug 52559] [PATCH] Some PROPPATCH causing segfault in mod_dav_fs / mod_dav
Date Mon, 30 Jan 2012 12:43:07 GMT

--- Comment #3 from Diego Santa Cruz 2012-01-30 12:43:07 UTC ---
Created attachment 28230
Do not segfault on PROPFIND with a zero length DBM

As described above, when httpd segfaults during the PROPPATCH it leaves a zero
length DBM if no other dead properties existed for the resource. Doing a
PROPFIND on the resource segfaults httpd.

The cause of the segfault is that dav_get_allprops() does not check the return
value of the first_name() or next_name() DB hooks for errors. When the DBM is
of zero length (both the .dir and .pag files are zero length), first_name()
returns an error and leaves its 'name' argument uninitialized. But then
'name.ns' is accessed just after the first_name() call, possibly causing a
segfault or other errors as 'name' is stack allocated.

The attached patch changes this so that the return values of first_name() and
next_name() are checked and the while loop on the properties is stopped in case
of error.

As it seems that dav_get_allprops() cannot return an error, I could not see
another way to handle this situation, and this is how errors on the
output_value() hook call are treated within dav_get_allprops() anyhow.

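The checked iteration pattern the comment describes, as an added example that is not part of the original message and is not the attached patch or mod_dav code. The types, hook names (`db_first_name`, `db_next_name`), the `fail_at` field and the sample properties are hypothetical stand-ins constructed for illustration.

```c
#include <stddef.h>

/* Hypothetical simplified model; not mod_dav's real types or hook signatures. */
typedef struct { const char *ns; const char *name; } prop_name;
typedef struct {
    const prop_name *props; size_t count; size_t pos;
    int fail_at;   /* hook fails when pos == fail_at; 0 models a zero-length DBM, -1 never fails */
} prop_db;

/* Hooks return 0 on success and non-zero on error. On error *out is NOT
 * written, mirroring the behaviour reported for first_name(). End of
 * iteration is reported as success with out->ns == NULL. */
static int db_next_name(prop_db *db, prop_name *out) {
    if (db->fail_at >= 0 && db->pos == (size_t)db->fail_at) return -1;
    if (db->pos >= db->count) { out->ns = NULL; out->name = NULL; return 0; }
    *out = db->props[db->pos++];
    return 0;
}
static int db_first_name(prop_db *db, prop_name *out) {
    db->pos = 0;
    return db_next_name(db, out);
}

/* Checked loop: every hook result is tested before 'name' is read, and
 * 'name' starts in a defined state so a failed hook cannot expose stack
 * garbage. Returns the number of properties visited; *had_error is set
 * when iteration stopped early because a hook failed. */
int count_props_checked(prop_db *db, int *had_error) {
    prop_name name = { NULL, NULL };
    int n = 0;
    *had_error = 0;
    if (db_first_name(db, &name) != 0) { *had_error = 1; return 0; }
    while (name.ns != NULL) {
        n++;                               /* a real caller would emit the property here */
        if (db_next_name(db, &name) != 0) { *had_error = 1; break; }
    }
    return n;
}

/* Constructed sample data, not taken from a real resource. */
static const prop_name SAMPLE[] = { { "DAV:", "displayname" }, { "urn:example", "author" } };

/* Returns the visited count, or -(count + 1) when a hook failed. */
int demo(int fail_at) {
    prop_db db = { SAMPLE, 2, 0, fail_at };
    int err;
    int n = count_props_checked(&db, &err);
    return err ? -(n + 1) : n;
}
```

Unlike the situation described for dav_get_allprops(), this example reports the failure to its caller through `had_error`; that is a choice of the example, not something the message says the patch does.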