httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 52816] New: Potential segfault in socache_shmcb_create
Date Sat, 03 Mar 2012 22:27:34 GMT

             Bug #: 52816
           Summary: Potential segfault in socache_shmcb_create
           Product: Apache httpd-2
           Version: 2.4.1
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: All
    Classification: Unclassified

In Apache-2.4.1, the mod_dav_fs module has potential bug which may lead to
segment fault.

The problem is the use of ap_server_root_relative() which may return a NULL
pointer. The current version doesn't check whether the return value is NULL or
not, but directly manipulate on it.

As is known, some misconfigurations may cause ap_server_root_relative() to
return a NULL pointer such as using a nonexistent drive letter on Windows (see 

maybe the following patch makes sense?

*** mod_socache_shmcb.c 2012-03-03 14:15:48.010321827 -0800
--- test.c      2012-03-03 14:15:26.537838321 -0800
*** 287,292 ****
--- 287,294 ----

      ctx->data_file = path = ap_server_root_relative(p, arg);

+     if(!path)
+       return "Invalid cache path";

      cp = strrchr(path, '(');
      cp2 = path + strlen(path) - 1;

PS: the "arg" is from the configuration parameter, for example, if you use:

SSLSessionCache        "shmcb:g:\somepath"

The arg is g:\somepath

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message