Date: Tue, 12 May 2015 13:46:29 +0200
Subject: Re: [users@httpd] mod_authz_dbd regression in apache 2.4.12?
From: Yann Ylavic
To: httpd
Cc: michel@reverze.net

(CC'ing Michel, sorry for the resend, my initial omission)

On Tue, May 12, 2015 at 10:41 AM, Yann Ylavic wrote:
> This has been raised on users@.
>
> ---------- Forwarded message ----------
> From: Yann Ylavic
> Date: Tue, May 12, 2015 at 10:09 AM
>
> On Mon, May 11, 2015 at 10:54 PM, Michel Stam wrote:
>>
>> I was tinkering over the weekend with mod_authz_dbd and mysql, and I could not get a RequireAny/RequireAll to match on multiple Require dbd-group statements.
>> It would always match only the last result from the query, but once for every row in the resultset.
>>
>> Example:
>> [^/]+)/">
>>
>> Require user %{env:MATCH_NAME}
>> Require dbd-group %{env:MATCH_NAME}
>> Require dbd-group Administrators
>>
>>
>>
>> After some searching, it appeared to me to be a regression of this:
>> https://bz.apache.org/bugzilla/show_bug.cgi?id=46421
>
> The fix mentioned there is about APR's dbd (mysql) code but has never
> been pushed to a release (the bugzilla report is still open).
> As already discussed in [1] (with a similar fix for mod_authn_dbd in
> [2]), I don't think it should be addressed in APR though (but in httpd
> as you and the OP of bugzilla #46421 proposed).
>
> There also seem to be other misuses of apr_dbd_get_entry() returned
> values in httpd, I'll start a thread on the dev@ mailing-list and
> propose a fix.
>
> [1] http://www.mail-archive.com/dev@apr.apache.org/msg26024.html
> [2] http://svn.apache.org/r1663647
>
> ---------- End of forwarded message ----------
>
> The issue is that apr_dbd_get_row()'s entries (usually pointed to by
> apr_dbd_get_entry(), depending on dbd though) get destroyed whenever
> apr_dbd_get_row() returns -1 (no more rows in iterative mode).
>
> This seems to be the case for several dbd systems implemented in APR,
> so I think we should take care of the entries' lifetime when used
> after an apr_dbd_get_row() loop.
> Thus, I think the attached patch should be applied, thoughts?
>
> PS: there are also APR dbd systems where the entries are duplicated on
> the apr_dbd_results' pool, so APR is not really consistent...

[Attachment: httpd-trunk-dup_dbd_get_entry.patch (text/x-diff)]
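
The entry-lifetime problem described in the message above, as an added example that is not part of the original post and is not httpd or APR code. It assumes a mock result set (the `mock_*` names, `dup_str` and `group_matches` are hypothetical) that reuses one entry buffer and wipes it when iteration ends; `dup_str` stands in for a pool copy such as apr_pstrdup().

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Mock result set (hypothetical, not APR): a single entry buffer is reused
 * for every row and wiped once iteration reports "no more rows". */
typedef struct { const char **rows; int n, next; char entry[32]; } mock_results;

/* Returns 0 after loading the next row into the shared buffer, -1 at the end. */
static int mock_get_row(mock_results *res)
{
    if (res->next >= res->n) {
        memset(res->entry, 0, sizeof res->entry);   /* entries are destroyed */
        return -1;
    }
    snprintf(res->entry, sizeof res->entry, "%s", res->rows[res->next++]);
    return 0;
}

static const char *mock_get_entry(mock_results *res) { return res->entry; }

/* Stand-in for copying an entry into memory that outlives the result set. */
static char *dup_str(const char *s)
{
    char *copy = malloc(strlen(s) + 1);
    return copy ? strcpy(copy, s) : NULL;
}

/* Collect group names, then test membership only after the loop has ended.
 * copy == 0 keeps the driver's pointer; copy == 1 duplicates each entry. */
int group_matches(const char *wanted, int copy)
{
    const char *sample[] = { "Administrators", "staff", "alice" }; /* constructed */
    mock_results res = { sample, 3, 0, "" };
    const char *groups[3];
    int count = 0, found = 0, i;
    while (mock_get_row(&res) == 0)
        groups[count++] = copy ? dup_str(mock_get_entry(&res)) : mock_get_entry(&res);
    for (i = 0; i < count; i++) {
        if (groups[i] != NULL && strcmp(groups[i], wanted) == 0)
            found = 1;
        if (copy)
            free((void *)groups[i]);
    }
    return found;
}

int main(void)
{
    printf("stored: %d, duplicated: %d\n", group_matches("Administrators", 0), group_matches("Administrators", 1));
    return 0;
}
```

With stored pointers the authorization check sees only wiped data and denies a user who is in the group; with duplicated entries the same rows match as expected.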