httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jaillet...@apache.org
Subject svn commit: r1632736 - in /httpd/httpd/branches/2.4.x: CHANGES STATUS modules/proxy/mod_proxy_http.c
Date Sat, 18 Oct 2014 06:57:40 GMT
Author: jailletc36
Date: Sat Oct 18 06:57:40 2014
New Revision: 1632736

URL: http://svn.apache.org/r1632736
Log:
Merge r1599486 from trunk

mod_proxy_http: Avoid (unlikely) access to freed memory.

Submitted by: ylavic
Reviewed by: ylavic, jorton, rjung
Backported by: jailletc36

Modified:
    httpd/httpd/branches/2.4.x/CHANGES
    httpd/httpd/branches/2.4.x/STATUS
    httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_http.c

Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1632736&r1=1632735&r2=1632736&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Sat Oct 18 06:57:40 2014
@@ -13,6 +13,8 @@ Changes with Apache 2.4.11
      request headers earlier.  Adds "MergeTrailers" directive to restore
      legacy behavior.  [Edward Lu, Yann Ylavic, Joe Orton, Eric Covener]
 
+  *) mod_proxy_http: Avoid (unlikely) access to freed memory. [Yann Ylavic]
+
   *) http_protocol: fix logic in ap_method_list_(add|remove) in order:
        - to correctly reset bits
        - not to modify the 'method_mask' bitfield unnecessarily

Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1632736&r1=1632735&r2=1632736&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Sat Oct 18 06:57:40 2014
@@ -108,19 +108,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
      2.4.x patch: trunk works
      +1: jkaluza, ylavic, rjung
 
-   * mod_proxy_http: Avoid (unlikely) access to freed memory.
-     trunk patch: http://svn.apache.org/r1599486
-     2.4.x patch: trunk works
-     +1: ylavic, jorton, rjung (as is)
-     covener: I did not look in depth, but is the preceding log message also bad?
-     ylavic: No, this concerns the next for (;; e = APR_BUCKET_NEXT(e)) iteration.
-             We could also s/apr_bucket_delete/APR_BUCKET_REMOVE/ instead, but
-             stripping some (unhandled) buckets from the source brigade does
-             not look correct to me either (brigade *to is to be consumed, but
-             *from is still living, the caller may want to reuse it, eg:
-             https://issues.apache.org/bugzilla/attachment.cgi?id=31686).
-             Should we?
-
    * mod_proxy: Make worker name truncation a non-fatal error.
      trunk patch: http://svn.apache.org/r1621367
                   http://svn.apache.org/r1621372

Modified: httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_http.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_http.c?rev=1632736&r1=1632735&r2=1632736&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_http.c (original)
+++ httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_http.c Sat Oct 18 06:57:40 2014
@@ -687,7 +687,6 @@ static apr_status_t proxy_buckets_lifeti
             ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00964)
                           "Unhandled bucket type of type %s in"
                           " proxy_buckets_lifetime_transform", e->type->name);
-            apr_bucket_delete(e);
             rv = APR_EGENERAL;
         }
     }



Mime
View raw message