httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 52559] [PATCH] Some PROPPATCH causing segfault in mod_dav_fs / mod_dav
Date Mon, 30 Jan 2012 12:43:07 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=52559

--- Comment #3 from Diego Santa Cruz <Diego.SantaCruz@spinetix.com> 2012-01-30 12:43:07 UTC ---
Created attachment 28230
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=28230
Do not segfault on PROPFIND with a zero length DBM

As described above, when httpd segfaults during the PROPPATCH it leaves a zero
length DBM if no other dead properties existed for the resource. Doing a
PROPFIND on the resource segfaults httpd.

The cause of the segfault is that dav_get_allprops() does not check the return
value of the first_name() or next_name() DB hooks for errors. When the DBM is
of zero length (both the .dir and .pag files are zero length), first_name()
returns an error and leaves its 'name' argument uninitialized. But then
'name.ns' is accessed just after the first_name() call, possibly causing a
segfault or other errors, as 'name' is stack allocated.

The attached patch changes this so that the return value of first_name() and
next_name() is checked and the while loop on the properties is stopped in case
of error.

As it seems that dav_get_allprops() cannot return an error, I could not see
another way to handle this situation, and this is how errors on the
output_value() hook call are treated within dav_get_allprops() anyhow.

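The failure pattern described in the comment above, as an added example that is not part of the original message or of the httpd source: an iterator hook that fails without writing its output argument, and a loop that checks the hook's return value before reading the stack-allocated name. The types and functions (`prop_name`, `toy_db`, `toy_first_name`, `toy_next_name`, `count_props_checked`) are hypothetical stand-ins, and the sample properties are constructed.

```c
#include <stddef.h>
/* Simplified stand-ins for a property name and a property DB.
 * All names are hypothetical; this is not mod_dav code. */
typedef struct { const char *ns; const char *name; } prop_name;
typedef struct { const prop_name *props; size_t count, pos; } toy_db;

/* Hooks return NULL on success or an error string on failure.
 * On failure *out is left untouched (the zero-length DBM case);
 * on success at end of data, out->ns is set to NULL. */
static const char *toy_next_name(toy_db *db, prop_name *out)
{
    if (db->props == NULL)
        return "cannot read property database";  /* *out not written */
    if (db->pos < db->count)
        *out = db->props[db->pos++];
    else
        out->ns = out->name = NULL;              /* end of iteration */
    return NULL;
}

static const char *toy_first_name(toy_db *db, prop_name *out)
{
    db->pos = 0;
    return toy_next_name(db, out);
}

/* Checked loop: stop as soon as a hook reports an error.
 * The unchecked form ignores the return value and tests name.ns
 * right away, which reads an uninitialized stack variable whenever
 * the hook failed before writing to it. */
static int count_props_checked(toy_db *db)
{
    prop_name name;                  /* stack allocated, not initialized */
    int n = 0;
    const char *err = toy_first_name(db, &name);
    while (err == NULL && name.ns != NULL) {
        n++;                         /* a real caller would emit the property here */
        err = toy_next_name(db, &name);
    }
    return n;
}

int main(void)
{
    static const prop_name sample[] = { {"DAV:", "displayname"}, {"urn:example", "color"} };
    toy_db good = { sample, 2, 0 };
    toy_db empty = { NULL, 0, 0 };   /* models the zero-length DBM */
    return (count_props_checked(&good) == 2 && count_props_checked(&empty) == 0) ? 0 : 1;
}
```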