httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 52816] New: Potential segfault in socache_shmcb_create
Date Sat, 03 Mar 2012 22:27:34 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=52816

             Bug #: 52816
           Summary: Potential segfault in socache_shmcb_create
           Product: Apache httpd-2
           Version: 2.4.1
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: All
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: tixu@cs.ucsd.edu
    Classification: Unclassified


In Apache-2.4.1, the mod_dav_fs module has potential bug which may lead to
segment fault.

The problem is the use of ap_server_root_relative() which may return a NULL
pointer. The current version doesn't check whether the return value is NULL or
not, but directly manipulate on it.

As is known, some misconfigurations may cause ap_server_root_relative() to
return a NULL pointer such as using a nonexistent drive letter on Windows (see
https://issues.apache.org/bugzilla/show_bug.cgi?id=39722). 


maybe the following patch makes sense?

*** mod_socache_shmcb.c 2012-03-03 14:15:48.010321827 -0800
--- test.c      2012-03-03 14:15:26.537838321 -0800
***************
*** 287,292 ****
--- 287,294 ----

      ctx->data_file = path = ap_server_root_relative(p, arg);

+     if(!path)
+       return "Invalid cache path";

      cp = strrchr(path, '(');
      cp2 = path + strlen(path) - 1;


PS: the "arg" is from the configuration parameter, for example, if you use:

SSLSessionCache        "shmcb:g:\somepath"

The arg is g:\somepath

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message