httpd-dev mailing list archives

From Dean Gaudet <dgau...@arctic.org>
Subject [PATCH] Re: mod_cern_meta/1500: mod_cern_meta corrupts memory pool (fwd)
Date Mon, 08 Dec 1997 22:49:52 GMT
This is true for 1.2.x and 1.3.

I would really appreciate it if someone would:

- Check for other instances of improperly assigning memory allocated
  from r->pool to r->connection.  This could quite easily explain
  some random SEGVs that some folk see.

- Find out why the heck the auth crud is stored in r->connection.
  Double check that it's properly reset after each request during a
  keepalive session.

Thanks
Dean

---------- Forwarded message ----------
Date: 8 Dec 1997 22:40:01 -0000
To: apache-bugdb@apache.org
Cc: apache-bugdb@apache.org,
From: Dean Gaudet <dgaudet@arctic.org>
Subject: Re: mod_cern_meta/1500: mod_cern_meta corrupts memory pool

The following reply was made to PR mod_cern_meta/1500; it has been noted by GNATS.

From: Dean Gaudet <dgaudet@arctic.org>
To: Joe Condon <joecondon@unn.unisys.com>
Cc: Roy Wood <roywood@unn.unisys.com>, apbugs@apache.org
Subject: Re: mod_cern_meta/1500: mod_cern_meta corrupts memory pool
Date: Mon, 8 Dec 1997 14:42:44 -0800 (PST)

 On Mon, 8 Dec 1997, Joe Condon wrote:
 
 > r->connection->user value is the value that is getting hammered. This value
 > is set in the http_protocol.c source file in function get_basic_auth_pw()
 > at approximately line 1019.
 > 
 > 1019 r->connection->user = getword_nulls_nc(r->pool, &t, ':');
 > 
 > Storage allocation for this value occurs in the getword_nulls_nc() function
 > and it is allocated from the memory pool r->pool passed to the function.
 
 Excellent, thanks for looking into this in such depth.  The problem is
 that those allocations clearly should be made from r->connection->pool,
 because they have the same lifetime as r->connection.  Try this patch. 
 
 Dean
 
 --- http_protocol.c.dist	Mon Dec  8 14:29:51 1997
 +++ http_protocol.c	Mon Dec  8 14:35:26 1997
 @@ -935,7 +935,11 @@
      }
  
      t = uudecode (r->pool, auth_line);
 -    r->connection->user = getword_nulls_nc (r->pool, &t, ':');
 +    /* Note that this allocation has to be made from r->connection->pool
 +     * because it has the lifetime of the connection.  The other allocations
 +     * are temporary and can be tossed away any time.
 +     */
 +    r->connection->user = getword_nulls_nc (r->connection->pool, &t, ':');
      r->connection->auth_type = "Basic";
  
      *pw = t;
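Review bot: the new getword_nulls_nc (r->connection->pool, &t, ':') call takes a fresh allocation from the connection pool every time this code runs, and nothing in the hunk reuses or releases the previous r->connection->user, so on a keepalive connection each authenticated request leaves another copy of the user name in that pool until the connection closes. Either say in the comment that this growth is accepted, or assign only when the value has changed. The comment would also be more useful if it named the other allocation explicitly: t comes from uudecode (r->pool, auth_line) and *pw = t hands the caller a pointer into request-pool storage, so the password is only valid for the current request and must not be stored on r->connection.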
 


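The lifetime mismatch discussed in this thread, as an added example that is not part of the original message or of Apache's source. The `pool`, `palloc`, `clear_pool`, `pstrdup` and `conn` names are simplified stand-ins (assumptions, not Apache's alloc.c); the toy arena shows a connection-level pointer being overwritten once the request pool is reused on a keepalive connection, and surviving when the string comes from the connection pool.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy arena standing in for an Apache pool (assumption, not alloc.c). */
typedef struct { char buf[64]; size_t used; } pool;

static void *palloc(pool *p, size_t n) {
    if (n > sizeof p->buf - p->used) return NULL;   /* arena exhausted */
    void *m = p->buf + p->used;
    p->used += n;
    return m;
}

/* Clearing a pool hands all of its storage back for reuse. */
static void clear_pool(pool *p) { p->used = 0; }

static char *pstrdup(pool *p, const char *s) {
    size_t n = strlen(s) + 1;
    char *d = palloc(p, n);
    if (d) memcpy(d, s, n);
    return d;
}

/* Connection state outlives any single request. */
typedef struct { pool conn_pool; const char *user; } conn;

/* Two requests on one keepalive connection; only the first authenticates.
 * from_conn_pool = 0 mimics the pre-patch allocation, 1 the patched one.
 * Returns 1 if c.user still reads "alice" afterwards, 0 if it was
 * overwritten, -1 if the toy arena ran out of space. */
int user_survives_keepalive(int from_conn_pool) {
    conn c = {0};
    pool req = {0};

    c.user = pstrdup(from_conn_pool ? &c.conn_pool : &req, "alice");
    if (!c.user) return -1;
    clear_pool(&req);                        /* request 1 finished */

    /* Request 2 scratch data (constructed sample) reuses the request pool. */
    if (!pstrdup(&req, "GET /other HTTP/1.0")) return -1;
    return strcmp(c.user, "alice") == 0;
}

int main(void) {
    printf("user from r->pool survives:             %d\n", user_survives_keepalive(0));
    printf("user from r->connection->pool survives: %d\n", user_survives_keepalive(1));
    return 0;
}
```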