httpd-dev mailing list archives

From Ruediger Pluem <rpl...@apache.org>
Subject Re: bug in mod_dav.c
Date Sat, 05 Nov 2005 22:41:13 GMT


On 11/05/2005 09:42 PM, Ghassan Misherghi wrote:
> Hello,
> 
> For both httpd-2.0.55 and httpd-2.1.8 there is a bug in
> modules/dav/main/mod_dav.c.  It is a null pointer dereference in some error
> handling code, so I'm not surprised that no one has noticed this yet.
> 
> Look at line 2488 (in 2.0.55):
> 
>   if (err != NULL) {
>       return dav_handle_err(r, err, NULL);
>   }
>   if (err2 != NULL) {
>       /* just log a warning */
>       err = dav_push_error(r->pool, err->status, 0,
>                            "The MKCOL was successful, but there "
>                            "was a problem automatically checking in "
>                            "the parent collection.",
>                            err2);
>       dav_log_err(r, err, APLOG_WARNING);
>   }
> 
> Notice that for execution to pass to the second if statement, err must
> currently be null.  But then within the second if statement, err is
> immediately used in an argument as "err->status".  This will clearly
> result in a null pointer dereference.  Perhaps the author intended to write
> "err2->status".

Good catch. Thank you. I also think that it should be err2->status instead
of err->status. I just checked in a patch to the trunk
(r331041, http://svn.apache.org/viewcvs.cgi?rev=331041&view=rev).
Let's wait and see if there are any objections. If not, I will try to get it backported.

Regards

Rüdiger
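
The control-flow argument in the report above, as an added C example that is not code from this thread or from httpd: a stand-in dav_error, a stand-in dav_push_error, and the corrected tail of the MKCOL path in which the warning takes its status from err2, the only non-NULL error object at that point. The struct layout, push_error, mkcol_outcome and the status-code wrappers are assumptions made for this example, not mod_dav's real API.

```c
#include <stddef.h>

/* Stand-in for mod_dav's dav_error (assumed shape, not the real struct). */
typedef struct dav_error {
    int status;
    struct dav_error *prev;   /* chained cause, as dav_push_error() links it */
} dav_error;

/* Stand-in for dav_push_error(): wrap `prev` in a new error carrying `status`. */
static dav_error *push_error(dav_error *out, int status, dav_error *prev) {
    out->status = status;
    out->prev = prev;
    return out;
}

typedef struct {
    int returned_status;  /* what the handler hands back to the client */
    int logged_status;    /* status attached to the logged warning, 0 if none */
} mkcol_outcome;

/* Corrected tail of the MKCOL handler. The first `if` returns, so err is
 * provably NULL at the second `if`; the only error object that can carry a
 * status there is err2, which is what the fix (r331041) reads. */
static mkcol_outcome handle_mkcol_result(dav_error *err, dav_error *err2) {
    mkcol_outcome o = { 201, 0 };   /* 201 Created: the MKCOL itself succeeded */
    dav_error warn;
    if (err != NULL) {
        o.returned_status = err->status;   /* dav_handle_err(r, err, NULL) */
        return o;
    }
    if (err2 != NULL) {
        /* The original read err->status here: a guaranteed NULL dereference. */
        push_error(&warn, err2->status, err2);
        o.logged_status = warn.status;     /* dav_log_err(r, err, APLOG_WARNING) */
    }
    return o;
}

/* Test-friendly wrappers: build the optional errors from plain status codes
 * (0 means "no error") and report one field of the outcome. */
static mkcol_outcome run_case(int err_status, int err2_status) {
    dav_error e1 = { err_status, NULL }, e2 = { err2_status, NULL };
    return handle_mkcol_result(err_status ? &e1 : NULL, err2_status ? &e2 : NULL);
}
int mkcol_returned_status(int err_status, int err2_status) {
    return run_case(err_status, err2_status).returned_status;
}
int mkcol_logged_status(int err_status, int err2_status) {
    return run_case(err_status, err2_status).logged_status;
}
```

With the original err->status, the second case below (MKCOL succeeded, parent check-in failed) is exactly the path that dereferences NULL.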
