httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <>
Subject [PATCH] Re: mod_cern_meta/1500: mod_cern_meta corrupts memory pool (fwd)
Date Mon, 08 Dec 1997 22:49:52 GMT
This is true for 1.2.x and 1.3.

I would really appreciate it if someone would:

- Check for other instances of improperly assigning memory allocated
    from r->pool to r->connection.  This could quite easily explain
    some random SEGVs that some folk see.

- Find out why the heck the auth crud is stored in r->connection.
  Double check that it's properly reset after each during a keepalive


---------- Forwarded message ----------
Date: 8 Dec 1997 22:40:01 -0000
From: Dean Gaudet <>
Subject: Re: mod_cern_meta/1500: mod_cern_meta corrupts memory pool

The following reply was made to PR mod_cern_meta/1500; it has been noted by GNATS.

From: Dean Gaudet <>
To: Joe Condon <>
Cc: Roy Wood <>,
Subject: Re: mod_cern_meta/1500: mod_cern_meta corrupts memory pool
Date: Mon, 8 Dec 1997 14:42:44 -0800 (PST)

   This message is in MIME format.  The first part should be readable text,
   while the remaining parts are likely unreadable without MIME-aware tools.
   Send mail to for more info.
 Content-Type: TEXT/PLAIN; CHARSET=iso-8859-1
 Content-ID: <>
 On Mon, 8 Dec 1997, Joe Condon wrote:
 > r->connection->user value is the value that is getting hammered. This value
 > is set in the http_protocol.c source file in function get_basic_auth_pw()
 > at approximately line 1019.
 > 1019 r->connection->user = getword_nulls_nc(r->pool, &t, ?:?);
 > Storage allocation for this value occurs in the getword_nulls_nc() function
 > and it is allocated from the memory pool r->pool passed to the function.
 Excellent, thanks for looking into this in such depth.  The problem is
 that those allocations clearly should be made from r->connection->pool,
 because they have the same lifetime as r->connection.  Try this patch. 
 --- http_protocol.c.dist	Mon Dec  8 14:29:51 1997
 +++ http_protocol.c	Mon Dec  8 14:35:26 1997
 @@ -935,7 +935,11 @@
      t = uudecode (r->pool, auth_line);
 -    r->connection->user = getword_nulls_nc (r->pool, &t, ':');
 +    /* Note that this allocation has to be made from r->connection->pool
 +     * because it has the lifetime of the connection.  The other allocations
 +     * are temporary and can be tossed away any time.
 +     */
 +    r->connection->user = getword_nulls_nc (r->connection->pool, &t, ':');
      r->connection->auth_type = "Basic";
      *pw = t;

View raw message