httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 54344] New: Found lack of sanity checks for malloc() in file ab.c
Date Sat, 22 Dec 2012 18:37:49 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=54344

            Bug ID: 54344
           Summary: Found lack of sanity checks for malloc() in file ab.c
           Product: Apache httpd-2
           Version: 2.4.3
          Hardware: PC
                OS: Windows XP
            Status: NEW
          Severity: normal
          Priority: P2
         Component: All
          Assignee: bugs@httpd.apache.org
          Reporter: wp02855@gmail.com
    Classification: Unclassified

Created attachment 29791
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=29791&action=edit
patch file for httpd-2.4.3/support/ab.c

In directory 'httpd-2.4.3/support', file 'ab.c', function
'ssl_proceed_handshake', I found an instance of a call to
malloc() without a check for a return value of NULL, indicating
failure.  Additionally, I found no instance where free() is
called to release the allocated memory prior to leaving
the function, causing the potential for a memory leak.

The patch file is below:

--- ab.c.orig   2012-12-21 17:21:39.451547287 -0800
+++ ab.c        2012-12-21 17:23:50.502769885 -0800
@@ -622,6 +622,10 @@
                     pk_bits = 0;  /* Anon DH */

                 ssl_info = malloc(128);
+                if (ssl_info == NULL) {
+                    fprintf(stderr, "ab: Could not allocate ssl_info data
buffer\n");
+                    return;
+                }
                 apr_snprintf(ssl_info, 128, "%s,%s,%d,%d",
                              SSL_CIPHER_get_version(ci),
                              SSL_CIPHER_get_name(ci),

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message