httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Plüm, Rüdiger, Vodafone Group <ruediger.pl...@vodafone.com>
Subject RE: ProxyBlock question
Date Tue, 24 Jul 2012 11:12:45 GMT


> -----Original Message-----
> From: Rainer Jung [mailto:]
> Sent: Dienstag, 24. Juli 2012 12:49
> To: dev@httpd.apache.org
> Subject: Re: ProxyBlock question
> 
> On 24.07.2012 11:22, Joe Orton wrote:
> 
> > (But reading that code again, you also lead me to another bug; the use
> > of apr_sockaddr_ip_get() against resolved addresses on the ->noproxies
> > list looks to be leaky/unsafe, it will allocate memory out of pconf
> each
> > time we check a resolved address!)
> 
> :(

I guess we should use apr_sockaddr_ip_getbuf instead and allocate the buffer
by ourselves from the correct pool / use a local char array of the maximum size needed,
which is IMHO 46. So something like this:

Index: modules/proxy/proxy_util.c        
===================================================================
--- modules/proxy/proxy_util.c  (revision 1364919)                 
+++ modules/proxy/proxy_util.c  (working copy)                     
@@ -759,6 +759,8 @@                                                
     return host != NULL && ap_strstr_c(host, This->name) != NULL; 
 }                                                                 

+#define MAX_IP_STR_LEN 46
+
 /* checks whether a host in uri_addr matches proxyblock */
 PROXY_DECLARE(int) ap_proxy_checkproxyblock(request_rec *r, proxy_server_conf *conf,
                              apr_sockaddr_t *uri_addr)
@@ -783,10 +785,12 @@
         while (conf_addr) {
             uri_addr = src_uri_addr;
             while (uri_addr) {
-                char *conf_ip;
-                char *uri_ip;
-                apr_sockaddr_ip_get(&conf_ip, conf_addr);
-                apr_sockaddr_ip_get(&uri_ip, uri_addr);
+                char conf_ip[MAX_IP_STR_LEN];
+                char uri_ip[MAX_IP_STR_LEN];
+                apr_sockaddr_ip_getbuf(conf_ip, conf_addr->addr_str_len,
+                                       conf_addr);
+                apr_sockaddr_ip_getbuf(uri_ip, uri_addr->addr_str_len,
+                                       uri_addr);
                 ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
                               "ProxyBlock comparing %s and %s", conf_ip,
                               uri_ip);

Regards

Rüdiger

Mime
View raw message