httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kevin J Walters <Kevin.Walt...@morganstanley.com>
Subject non thread safe functions used in apache httpd project
Date Wed, 12 Jan 2011 10:29:51 GMT

Hi,

Whilst looking at a thread safety issue in mod_fastcgi, i noticed
there's some suspicious looking code in apache httpd project.

server/mpm_common.c (2.2.17) has two functions ap_uname2id and
ap_gname2id which call getpwnam and getgrnam, two non-reentrant
functions.

Comparing with typical apr code that tends to have an #ifdef to
select function() vs function_r().

Perhaps ap_uname2id and ap_gname2id are not executed concurrently by
the current code base but if these are general purpose functions they
should be more cautious/safe?

Has the whole apache httpd 2.x project been scanned for use of
non-reentrant function calls?


regards

|<evin

-- 
Kevin J Walters                      Morgan Stanley
kjw@ms.com                           25 Cabot Square
Tel: 020 7425 7886                   Canary Wharf
Fax: 020 7056 6401                   London E14 4QA

Mime
View raw message