Return-Path: Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: (qmail 30471 invoked from network); 25 Feb 2008 11:01:56 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 25 Feb 2008 11:01:56 -0000 Received: (qmail 10589 invoked by uid 500); 25 Feb 2008 11:01:44 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 10538 invoked by uid 500); 25 Feb 2008 11:01:44 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 10527 invoked by uid 99); 25 Feb 2008 11:01:44 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 25 Feb 2008 03:01:44 -0800 X-ASF-Spam-Status: No, hits=-4.0 required=10.0 tests=RCVD_IN_DNSWL_MED,SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of jorton@redhat.com designates 66.187.233.31 as permitted sender) Received: from [66.187.233.31] (HELO mx1.redhat.com) (66.187.233.31) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 25 Feb 2008 11:01:10 +0000 Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254]) by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id m1PB1J9s005566 for ; Mon, 25 Feb 2008 06:01:19 -0500 Received: from turnip.manyfish.co.uk (IDENT:U2FsdGVkX1+W22cAxGK5cxt+RvGx4uCZTlticmHsiFU@vpn-14-93.rdu.redhat.com [10.11.14.93]) by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id m1PB1ImI012306 for ; Mon, 25 Feb 2008 06:01:18 -0500 Received: from jorton by turnip.manyfish.co.uk with local (Exim 4.68) (envelope-from ) id 1JTb5C-0005fF-3H for dev@httpd.apache.org; Mon, 25 Feb 2008 11:01:18 +0000 Date: Mon, 25 Feb 2008 11:01:18 +0000 From: Joe Orton To: dev@httpd.apache.org Subject: Re: svn commit: r630307 - in /httpd/httpd/trunk/modules/ssl: ssl_private.h ssl_scache.c ssl_scache_dbm.c ssl_scache_dc.c ssl_scache_memcache.c ssl_scache_shmcb.c Message-ID: <20080225110118.GB7265@redhat.com> Mail-Followup-To: dev@httpd.apache.org References: <20080222195845.B995D1A983A@eris.apache.org> <47BFF81A.1060705@apache.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <47BFF81A.1060705@apache.org> User-Agent: Mutt/1.5.17 (2007-11-01) Organization: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SL4 1TE, United Kingdom. Registered in UK and Wales under Company Registration No. 03798903 Directors: Michael Cunningham (USA), Brendan Lane (Ireland), Matt Parson (USA), Charlie Peters (USA) X-Scanned-By: MIMEDefang 2.58 on 172.16.52.254 X-Virus-Checked: Checked by ClamAV on apache.org On Sat, Feb 23, 2008 at 11:40:26AM +0100, Ruediger Pluem wrote: > On 02/22/2008 08:58 PM, jorton@apache.org wrote: >> Author: jorton >> Date: Fri Feb 22 11:58:39 2008 >> New Revision: 630307 >> >> URL: http://svn.apache.org/viewvc?rev=630307&view=rev ... >> memcpy(&expiry, dbmval.dptr, sizeof(time_t)); >> + memcpy(dest, (char *)dbmval.dptr + sizeof(time_t), nData); > > Shouldn't we do > > *destlen = nData; > > here? Fixed both of those cases in r630787. >> ============================================================================== >> --- httpd/httpd/trunk/modules/ssl/ssl_scache_shmcb.c (original) >> +++ httpd/httpd/trunk/modules/ssl/ssl_scache_shmcb.c Fri Feb 22 11:58:39 2008 ... >> + /* Only consider 'idx' if the id matches, and the "removed" >> + * flag isn't set; check the data length too to avoid a buffer >> + * overflow in case of corruption, which should be impossible, >> + * but it's cheap to be safe. */ >> + if (idx->id_len == idlen && (idx->data_used - idx->id_len) < *destlen >> + && shmcb_cyclic_memcmp(header->subcache_data_size, >> + SHMCB_DATA(header, subcache), >> + idx->data_pos, id, idx->id_len) == 0) { > > Where do you check for the removed flag? And both of those cases in r630786. Thanks a lot for the careful review! joe