httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [Bug 57868] New: SIGSEV when lacking correct DB access permissions
Date Tue, 28 Apr 2015 17:15:30 GMT

            Bug ID: 57868
           Summary: SIGSEV when lacking correct DB access permissions
           Product: Apache httpd-2
           Version: 2.4.10
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_authz_dbd

Created attachment 32696
Fixes sigsev in mod_authz_dbd when server lacks access rights to the db table

If the dbd handle preparation fails due to a misconfiguration of the database
server or the access rights to the table, the server logs something along these

   AH00632: failed to prepare SQL statements: UPDATE command denied to 
   user 'foo'@'exampleorg' for table 'bar'

As a consequence, the call to dbd_handle(r) returns NULL. However, in
mod_authz_dbd, there was no control for the value of dbd before its being used
in both authz_dbd_login() and authzdbd_group():

       ap_dbd_t *dbd = dbd_handle(r);
        query = apr_hash_get(dbd->prepared, <--- SIGSEV

I'm attaching a patch that solves this issue. I didn't check to see if it also
occurs in other nz modules based on mod_dbd.c

You are receiving this mail because:
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message