httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cove...@apache.org
Subject svn commit: r555626 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS modules/cache/mod_mem_cache.c
Date Thu, 12 Jul 2007 13:44:43 GMT
Author: covener
Date: Thu Jul 12 06:44:42 2007
New Revision: 555626

URL: http://svn.apache.org/viewvc?view=rev&rev=555626
Log:
backport of the mod_mem_cache apr_table_copy pool ancestry abuse

Modified:
    httpd/httpd/branches/2.2.x/CHANGES
    httpd/httpd/branches/2.2.x/STATUS
    httpd/httpd/branches/2.2.x/modules/cache/mod_mem_cache.c

Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?view=diff&rev=555626&r1=555625&r2=555626
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Thu Jul 12 06:44:42 2007
@@ -12,6 +12,11 @@
   *) mod_cache: Correctly handle HEAD requests on expired cache content.
      PR 41230.  [Niklas Edmundsson <nikke acc.umu.se>]
 
+  *) SECURITY: CVE-2007-1862 (cve.mitre.org)
+     mod_mem_cache: Copy headers into longer lived storage; header names and
+     values could previously point to cleaned up storage
+     PR 41551 [Davi Arnaut <davi haxent.com.br>]
+
   *) mod_cache: Let Cache-Control max-age set the expiration of the cached
      representation if Expires is not set.  [Justin Erenkrantz]
 

Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?view=diff&rev=555626&r1=555625&r2=555626
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Thu Jul 12 06:44:42 2007
@@ -105,17 +105,6 @@
         http://svn.apache.org/viewvc?view=rev&revision=546128
       +1: jfclere, jim, rpluem
 
-    * SECURITY: CVE-2007-1862 (cve.mitre.org)
-      mod_mem_cache: Copy headers into longer lived storage; header names and
-      values could previously point to cleaned up storage
-      PR 41551
-      Trunk version of patch:
-        http://svn.apache.org/viewvc?view=rev&revision=543515
-      2.2.x version of patch:
-        http://people.apache.org/~covener/2.2.x-mod_memcache-poolmgmt.diff
-      +1: covener, jorton, rpluem
-
-
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
 
     * ApacheMonitor: Fix Windows Vista detection.

Modified: httpd/httpd/branches/2.2.x/modules/cache/mod_mem_cache.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/cache/mod_mem_cache.c?view=diff&rev=555626&r1=555625&r2=555626
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/cache/mod_mem_cache.c (original)
+++ httpd/httpd/branches/2.2.x/modules/cache/mod_mem_cache.c Thu Jul 12 06:44:42 2007
@@ -539,12 +539,28 @@
     return OK;
 }
 
+static apr_table_t *deep_table_copy(apr_pool_t *p, const apr_table_t *table)
+{
+    const apr_array_header_t *array = apr_table_elts(table);
+    apr_table_entry_t *elts = (apr_table_entry_t *) array->elts;
+    apr_table_t *copy = apr_table_make(p, array->nelts);
+    int i;
+
+    for (i = 0; i < array->nelts; i++) {
+        if (elts[i].key) {  
+            apr_table_add(copy, elts[i].key, elts[i].val);
+        }
+    }
+
+    return copy;
+}
+
 static apr_status_t recall_headers(cache_handle_t *h, request_rec *r)
 {
     mem_cache_object_t *mobj = (mem_cache_object_t*) h->cache_obj->vobj;
 
-    h->req_hdrs = apr_table_copy(r->pool, mobj->req_hdrs);
-    h->resp_hdrs = apr_table_copy(r->pool, mobj->header_out);
+    h->req_hdrs = deep_table_copy(r->pool, mobj->req_hdrs);
+    h->resp_hdrs = deep_table_copy(r->pool, mobj->header_out);
 
     return OK;
 }
@@ -585,7 +601,7 @@
      * - The original response headers (for returning with a cached response)
      * - The body of the message
      */
-    mobj->req_hdrs = apr_table_copy(mobj->pool, r->headers_in);
+    mobj->req_hdrs = deep_table_copy(mobj->pool, r->headers_in);
 
     /* Precompute how much storage we need to hold the headers */
     headers_out = ap_cache_cacheable_hdrs_out(r->pool, r->headers_out,
@@ -599,7 +615,7 @@
     }
 
     headers_out = apr_table_overlay(r->pool, headers_out, r->err_headers_out);
-    mobj->header_out = apr_table_copy(mobj->pool, headers_out);
+    mobj->header_out = deep_table_copy(mobj->pool, headers_out);
 
     /* Init the info struct */
     obj->info.status = info->status;



Mime
View raw message