httpd-cvs mailing list archives

From traw...@apache.org
Subject cvs commit: httpd-2.0/modules/generators mod_cgid.c
Date Thu, 02 Oct 2003 11:58:57 GMT
trawick     2003/10/02 04:58:57

  Modified:    .        CHANGES
               modules/generators mod_cgid.c
  Log:
  mod_cgid: fix a hash table corruption problem which could
  result in the wrong script being cleaned up at the end of a
  request.
  
  Unique storage was not used for the key, as the code assumed
  incorrectly that apr_hash_set() made a copy of the key.  Thus,
  when the script pid was looked up at the end of the request,
  some other script's pid could be found.
  
  Revision  Changes    Path
  1.1289    +4 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.1288
  retrieving revision 1.1289
  diff -u -r1.1288 -r1.1289
  --- CHANGES	30 Sep 2003 17:45:54 -0000	1.1288
  +++ CHANGES	2 Oct 2003 11:58:56 -0000	1.1289
  @@ -2,6 +2,10 @@
   
     [Remove entries to the current 2.0 section below, when backported]
   
  +  *) mod_cgid: fix a hash table corruption problem which could
  +     result in the wrong script being cleaned up at the end of a
  +     request.  [Jeff Trawick]
  +
     *) Log an error when requests for URIs which fail to map to a valid 
        filesystem name are rejected with 403.  [Jeff Trawick]
   
  
  
  
  1.157     +20 -1     httpd-2.0/modules/generators/mod_cgid.c
  
  Index: mod_cgid.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/generators/mod_cgid.c,v
  retrieving revision 1.156
  retrieving revision 1.157
  diff -u -r1.156 -r1.157
  --- mod_cgid.c	3 Sep 2003 19:27:05 -0000	1.156
  +++ mod_cgid.c	2 Oct 2003 11:58:57 -0000	1.157
  @@ -778,7 +778,26 @@
                                apr_filepath_name_get(r->filename));
               }
               else {
  -                apr_hash_set(script_hash, &cgid_req.conn_id, sizeof(cgid_req.conn_id),

  +                /* We don't want to leak storage for the key, so only allocate
  +                 * a key if the key doesn't exist yet in the hash; there are
  +                 * only a limited number of possible keys (one for each
  +                 * possible thread in the server), so we can allocate a copy
  +                 * of the key the first time a thread has a cgid request.
  +                 * Note that apr_hash_set() only uses the storage passed in
  +                 * for the key if it is adding the key to the hash for the
  +                 * first time; new key storage isn't needed for replacing the
  +                 * existing value of a key.
  +                 */
  +                void *key;
  +
  +                if (apr_hash_get(script_hash, &cgid_req.conn_id, sizeof(cgid_req.conn_id)))
{
  +                    key = &cgid_req.conn_id;
  +                }
  +                else {
  +                    key = apr_pcalloc(pcgi, sizeof(cgid_req.conn_id));
  +                    memcpy(key, &cgid_req.conn_id, sizeof(cgid_req.conn_id));
  +                }
  +                apr_hash_set(script_hash, key, sizeof(cgid_req.conn_id),
                                (void *)procnew->pid);
               }
           }
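Review bot: the new comment's claim that key allocations are bounded (one per possible thread) holds only while entries are never removed from script_hash. At the `key = apr_pcalloc(pcgi, sizeof(cgid_req.conn_id));` branch, an entry deleted elsewhere by calling apr_hash_set() with a NULL value would get a fresh key from pcgi on that thread's next request, so pool usage would grow per request rather than per thread. Please say in the comment that entries are only ever replaced, and that pcgi lives at least as long as script_hash, since the table now holds pointers into that pool. The existence test relies on apr_hash_get() returning non-NULL, so it treats a stored NULL value as a missing key; that is fine only as long as `procnew->pid` is never 0 at this point. Minor: apr_pcalloc() zeroes storage that the memcpy() on the next line overwrites in full, so apr_palloc() is enough.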
  
  
  
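The key-aliasing failure described in the commit log, as an added example that is not part of the original message or of httpd. It uses a toy table (hypothetical `tbl_set`/`tbl_find`, linear scan instead of APR's hashing) that keeps the caller's key pointer, with one reused request buffer standing in for `cgid_req`; connection ids and pids are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy table that stores the caller's key pointer instead of copying the key
 * bytes, which is the behaviour the commit log describes for apr_hash_set(). */
#define SLOTS 8
struct entry { const void *key; size_t klen; long val; };
struct table { struct entry e[SLOTS]; int n; };

static struct entry *tbl_find(struct table *t, const void *key, size_t klen) {
    for (int i = 0; i < t->n; i++)
        if (t->e[i].klen == klen && memcmp(t->e[i].key, key, klen) == 0)
            return &t->e[i];
    return NULL;
}

static void tbl_set(struct table *t, const void *key, size_t klen, long val) {
    struct entry *e = tbl_find(t, key, klen);
    if (e) { e->val = val; return; }      /* replace: existing key storage kept */
    if (t->n == SLOTS) return;            /* full: ignored in this toy */
    t->e[t->n++] = (struct entry){ key, klen, val };
}

/* Constructed scenario: conn 1 registers pid 100, then the same buffer is
 * reused for conn 2. copy_key=0 mimics the old call, 1 the patched logic.
 * Returns the pid looked up for conn 2, or -1 if none is registered. */
long pid_found_for_conn2(int copy_key) {
    struct table t = { .n = 0 };
    struct { unsigned long conn_id; } req;     /* stand-in for cgid_req */
    void *owned = NULL;
    req.conn_id = 1;
    const void *key = &req.conn_id;
    if (copy_key && !tbl_find(&t, key, sizeof req.conn_id)) {
        owned = malloc(sizeof req.conn_id);    /* unique storage for a new key */
        if (!owned) return -2;
        memcpy(owned, &req.conn_id, sizeof req.conn_id);
        key = owned;
    }
    tbl_set(&t, key, sizeof req.conn_id, 100);
    req.conn_id = 2;                           /* next request reuses the buffer */
    struct entry *e = tbl_find(&t, &req.conn_id, sizeof req.conn_id);
    long pid = e ? e->val : -1;                /* conn 2 never started a script */
    free(owned);
    return pid;
}

int main(void) {
    printf("shared key: %ld, copied key: %ld\n", pid_found_for_conn2(0), pid_found_for_conn2(1));
    return 0;
}
```

With the shared key, the stored entry compares against whatever the buffer currently holds, so the lookup for connection 2 returns connection 1's pid.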
