Return-Path: Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: (qmail 59177 invoked from network); 17 Jan 2011 18:33:49 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 17 Jan 2011 18:33:49 -0000 Received: (qmail 32873 invoked by uid 500); 17 Jan 2011 18:33:48 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 32628 invoked by uid 500); 17 Jan 2011 18:33:46 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 32607 invoked by uid 99); 17 Jan 2011 18:33:45 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 17 Jan 2011 18:33:45 +0000 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests=FSL_HELO_NON_FQDN_1,HELO_NO_DOMAIN,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy) Received: from [209.20.83.52] (HELO webthing) (209.20.83.52) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 17 Jan 2011 18:33:39 +0000 Received: from [192.168.0.101] (cpc4-brig12-0-0-cust582.3-3.cable.virginmedia.com [86.7.234.71]) by webthing (Postfix) with ESMTPSA id 02AD040042 for ; Mon, 17 Jan 2011 18:33:17 +0000 (UTC) References: <19757.33439.47508.803448@gargle.gargle.HOWL> In-Reply-To: <19757.33439.47508.803448@gargle.gargle.HOWL> Mime-Version: 1.0 (Apple Message framework v1082) Content-Type: text/plain; charset=us-ascii Message-Id: <2C06BD90-7ECA-4E27-A9F1-17ED4332CA72@webthing.com> Content-Transfer-Encoding: quoted-printable From: Nick Kew Subject: Re: non thread safe functions used in apache httpd project Date: Mon, 17 Jan 2011 18:33:16 +0000 To: dev@httpd.apache.org X-Mailer: Apple Mail (2.1082) On 12 Jan 2011, at 10:29, Kevin J Walters wrote: > Hi, I picked this up when you reported it in bugzilla. One feature of the = apache way of working is that no individual developer 'owns' your question = (unless you pay someone for support), so it risks going unanswered. > Whilst looking at a thread safety issue in mod_fastcgi, i noticed > there's some suspicious looking code in apache httpd project. >=20 > server/mpm_common.c (2.2.17) has two functions ap_uname2id and > ap_gname2id which call getpwnam and getgrnam, two non-reentrant > functions. I can say unambiguously that those functions are only used at server startup, before any threads are spawned. So not quite a bug. > Comparing with typical apr code that tends to have an #ifdef to > select function() vs function_r(). APR is a more general-purpose library, so it matters there. > Perhaps ap_uname2id and ap_gname2id are not executed concurrently by > the current code base but if these are general purpose functions they > should be more cautious/safe? Good point - thanks for making it. They are API functions and should = therefore either be thread-safe and reentrant or properly documented as unsafe. So yes, it's a bug! > Has the whole apache httpd 2.x project been scanned for use of > non-reentrant function calls? I couldn't refer you to any systematic scan. However, a lot of = third-parties come to us with reports of potential bugs based on scans of our codebase by a range of code-analysis tools. Developers and vendors of such tools come to apache in a variety of circumstances, from making a constructive contribution to seeking a high-profile and prestigious scalp! --=20 Nick Kew Available for work, contract or permanent http://www.webthing.com/~nick/cv.html