httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jkal...@apache.org
Subject svn commit: r1663647 - /httpd/httpd/trunk/modules/aaa/mod_authn_dbd.c
Date Tue, 03 Mar 2015 11:12:18 GMT
Author: jkaluza
Date: Tue Mar  3 11:12:18 2015
New Revision: 1663647

URL: http://svn.apache.org/r1663647
Log:
* mod_authn_dbd: apr_pstrdup dbd_password and dbd_hash to fix use-after-free
bug with postgresql

Modified:
    httpd/httpd/trunk/modules/aaa/mod_authn_dbd.c

Modified: httpd/httpd/trunk/modules/aaa/mod_authn_dbd.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/aaa/mod_authn_dbd.c?rev=1663647&r1=1663646&r2=1663647&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/aaa/mod_authn_dbd.c (original)
+++ httpd/httpd/trunk/modules/aaa/mod_authn_dbd.c Tue Mar  3 11:12:18 2015
@@ -174,7 +174,8 @@ static authn_status authn_dbd_password(r
                 i++;
             }
 #endif
-            dbd_password = apr_dbd_get_entry(dbd->driver, row, 0);
+            dbd_password = apr_pstrdup(r->pool,
+                                       apr_dbd_get_entry(dbd->driver, row, 0));
         }
         /* we can't break out here or row won't get cleaned up */
     }
@@ -269,7 +270,8 @@ static authn_status authn_dbd_realm(requ
                 i++;
             }
 #endif
-            dbd_hash = apr_dbd_get_entry(dbd->driver, row, 0);
+            dbd_hash = apr_pstrdup(r->pool,
+                                   apr_dbd_get_entry(dbd->driver, row, 0));
         }
         /* we can't break out here or row won't get cleaned up */
     }



Mime
View raw message