httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From traw...@apache.org
Subject cvs commit: apache-1.3/src/include http_core.h
Date Mon, 29 Mar 2004 18:35:30 GMT
trawick     2004/03/29 10:35:30

  Modified:    .        STATUS
               src      CHANGES
               src/main http_core.c
               src/include http_core.h
  Log:
  Fix memory corruption problem with ap_custom_response() function.
  The core per-dir config would later point to request pool data
  that would be reused for different purposes on different requests.
  
  Submitted by:	Will Lowe
  Updated by:     Jeff Trawick
  Reviewed by:	stoddard, jim
  
  Revision  Changes    Path
  1.1078    +1 -9      apache-1.3/STATUS
  
  Index: STATUS
  ===================================================================
  RCS file: /home/cvs/apache-1.3/STATUS,v
  retrieving revision 1.1077
  retrieving revision 1.1078
  diff -u -r1.1077 -r1.1078
  --- STATUS	29 Mar 2004 18:25:03 -0000	1.1077
  +++ STATUS	29 Mar 2004 18:35:29 -0000	1.1078
  @@ -50,14 +50,6 @@
     *  PR: 27023 Cookie could not delivered if the cookie made before
            proxy module.
   
  -   * ap_custom_response memory corruption
  -      discussion:
  -       Message-ID: <4062E7F3.7010707@attglobal.net>
  -       Subject: [1.3 PATCH] fix ap_custom_response() memory corruption issue
  -      patch:
  -       http://www.apache.org/~trawick/13_custom_response_patch
  -        +1: trawick, stoddard, jim
  -
   RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP:
   
      * isn't ap_die() broken with recognizing recursive errors
  
  
  
  1.1934    +5 -0      apache-1.3/src/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/apache-1.3/src/CHANGES,v
  retrieving revision 1.1933
  retrieving revision 1.1934
  diff -u -r1.1933 -r1.1934
  --- CHANGES	29 Mar 2004 17:47:13 -0000	1.1933
  +++ CHANGES	29 Mar 2004 18:35:29 -0000	1.1934
  @@ -1,5 +1,10 @@
   Changes with Apache 1.3.30
   
  +  *) Fix memory corruption problem with ap_custom_response() function.
  +     The core per-dir config would later point to request pool data
  +     that would be reused for different purposes on different requests.
  +     [Will Lowe, Jeff Trawick]
  +
     *) Reinit socket to allow mod_proxy to continue to try
        connections when invalid IPs are accessed. PR 27542.
        [Alexander Prohorenko <white extrasy.net>]
  
  
  
  1.332     +42 -12    apache-1.3/src/main/http_core.c
  
  Index: http_core.c
  ===================================================================
  RCS file: /home/cvs/apache-1.3/src/main/http_core.c,v
  retrieving revision 1.331
  retrieving revision 1.332
  diff -u -r1.331 -r1.332
  --- http_core.c	16 Feb 2004 22:29:33 -0000	1.331
  +++ http_core.c	29 Mar 2004 18:35:29 -0000	1.332
  @@ -53,6 +53,15 @@
   #define MMAP_LIMIT              (4*1024*1024)
   #endif
   
  +typedef struct {
  +    /* Custom response strings registered via ap_custom_response(),
  +     * or NULL; check per-dir config if nothing found here
  +     */
  +    char **response_code_strings; /* from ap_custom_response(), not from
  +                                   * ErrorDocument
  +                                   */
  +} core_request_config;
  +
   /* Server core module... This module provides support for really basic
    * server operations, including options and commands which control the
    * operation of other modules.  Consider this the bureaucracy module.
  @@ -580,15 +589,30 @@
   
   API_EXPORT(char *) ap_response_code_string(request_rec *r, int error_index)
   {
  -    core_dir_config *conf;
  +    core_request_config *reqconf;
  +    core_dir_config *dirconf;
   
  -    conf = (core_dir_config *)ap_get_module_config(r->per_dir_config,
  -						   &core_module); 
  +    /* prefer per-request settings, which are created by calls to
  +     * ap_custom_response()
  +     */
  +    reqconf = (core_request_config *)ap_get_module_config(r->request_config,
  +                                                          &core_module); 
   
  -    if (conf->response_code_strings == NULL) {
  +    if (reqconf != NULL &&
  +        reqconf->response_code_strings != NULL &&
  +        reqconf->response_code_strings[error_index] != NULL) {
  +        return reqconf->response_code_strings[error_index];
  +    }
  +
  +    /* check for string specified via ErrorDocument */
  +    dirconf = (core_dir_config *)ap_get_module_config(r->per_dir_config,
  +                                                      &core_module);
  +
  +    if (dirconf->response_code_strings == NULL) {
   	return NULL;
       }
  -    return conf->response_code_strings[error_index];
  +
  +    return dirconf->response_code_strings[error_index];
   }
   
   
  @@ -1193,20 +1217,26 @@
   
   API_EXPORT(void) ap_custom_response(request_rec *r, int status, char *string)
   {
  -    core_dir_config *conf = 
  -	ap_get_module_config(r->per_dir_config, &core_module);
  +    core_request_config *reqconf =
  +	ap_get_module_config(r->request_config, &core_module);
       int idx;
   
  -    if(conf->response_code_strings == NULL) {
  -        conf->response_code_strings = 
  +    if (reqconf == NULL) {
  +        reqconf = (core_request_config *)ap_pcalloc(r->pool,
  +                                                    sizeof(core_request_config));
  +        ap_set_module_config(r->request_config, &core_module, reqconf);
  +    }
  +    
  +    if (reqconf->response_code_strings == NULL) {
  +        reqconf->response_code_strings = 
   	    ap_pcalloc(r->pool,
  -		    sizeof(*conf->response_code_strings) * 
  -		    RESPONSE_CODES);
  +                       sizeof(reqconf->response_code_strings) * 
  +                       RESPONSE_CODES);
       }
   
       idx = ap_index_of_response(status);
   
  -    conf->response_code_strings[idx] = 
  +    reqconf->response_code_strings[idx] = 
          ((ap_is_url(string) || (*string == '/')) && (*string != '"')) ? 
          ap_pstrdup(r->pool, string) : ap_pstrcat(r->pool, "\"", string, NULL);
   }
  
  
  
  1.74      +3 -1      apache-1.3/src/include/http_core.h
  
  Index: http_core.h
  ===================================================================
  RCS file: /home/cvs/apache-1.3/src/include/http_core.h,v
  retrieving revision 1.73
  retrieving revision 1.74
  diff -u -r1.73 -r1.74
  --- http_core.h	16 Feb 2004 22:25:08 -0000	1.73
  +++ http_core.h	29 Mar 2004 18:35:29 -0000	1.74
  @@ -209,7 +209,9 @@
        * This lets us do quick merges in merge_core_dir_configs().
        */
     
  -    char **response_code_strings;
  +    char **response_code_strings; /* from ErrorDocument, not from
  +                                   * ap_custom_response()
  +                                   */
   
       /* Hostname resolution etc */
   #define HOSTNAME_LOOKUP_OFF	0
  
  
  

Mime
View raw message