subversion-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rpl...@apache.org
Subject svn commit: r1845204 - in /subversion/trunk/subversion: mod_authz_svn/mod_authz_svn.c mod_dav_svn/mod_dav_svn.c
Date Tue, 30 Oct 2018 09:04:14 GMT
Author: rpluem
Date: Tue Oct 30 09:04:14 2018
New Revision: 1845204

URL: http://svn.apache.org/viewvc?rev=1845204&view=rev
Log:
Fix issue SVN-4782: Do not use (const char*)1 in httpd modules as value for r->notes.

mod_authz_svn.c and mod_dav_svn.c add keys to r->notes to memorize boolean
states (FORCE_AUTHN_NOTE, IN_SOME_AUTHN_NOTE, authz_svn-anon-ok,
NO_MAP_TO_STORAGE_NOTE). They use (const char*)1 as values for the keys. This
causes any call to apr_table_clone for r->notes to crash with a SEGFAULT,
because (const char*)1 is an invalid address. mod_http2 in httpd calls
apr_table_clone for r->notes and hence the httpd process crashes.
Hence replace the value of (const char*)1 in these cases with a value of "1".

* subversion/mod_authz_svn/mod_authz_svn.c
  (access_checker, check_user_id): Replace value of (const char*)1 with "1"
   in apr_table_setn calls for r->notes table for keys FORCE_AUTHN_NOTE,
   IN_SOME_AUTHN_NOTE, authz_svn-anon-ok to set a value with an valid address.

* subversion/mod_authz_svn/mod_dav_svn.c
  (dav_svn__translate_name): Replace value of (const char*)1 with "1"
   in apr_table_setn calls for r->notes table for keys NO_MAP_TO_STORAGE_NOTE
   to set a value with an valid address.

Modified:
    subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c
    subversion/trunk/subversion/mod_dav_svn/mod_dav_svn.c

Modified: subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c?rev=1845204&r1=1845203&r2=1845204&view=diff
==============================================================================
--- subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c (original)
+++ subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c Tue Oct 30 09:04:14 2018
@@ -912,7 +912,7 @@ access_checker(request_rec *r)
         {
           /* Set the note to force authn regardless of what access_checker_ex
              hook requires */
-          apr_table_setn(r->notes, FORCE_AUTHN_NOTE, (const char*)1);
+          apr_table_setn(r->notes, FORCE_AUTHN_NOTE, "1");
 
           /* provide the proper return so the access_checker hook doesn't
            * prevent the code from continuing on to the other auth hooks */
@@ -978,7 +978,7 @@ access_checker(request_rec *r)
            * ap_some_authn_rquired() without triggering an infinite
            * loop since the call will trigger this function to be
            * called again. */
-          apr_table_setn(r->notes, IN_SOME_AUTHN_NOTE, (const char*)1);
+          apr_table_setn(r->notes, IN_SOME_AUTHN_NOTE, "1");
           authn_required = ap_some_authn_required(r);
           apr_table_unset(r->notes, IN_SOME_AUTHN_NOTE);
           if (authn_required)
@@ -1021,7 +1021,7 @@ check_user_id(request_rec *r)
   status = req_check_access(r, conf, &repos_path, &dest_repos_path);
   if (status == OK)
     {
-      apr_table_setn(r->notes, "authz_svn-anon-ok", (const char*)1);
+      apr_table_setn(r->notes, "authz_svn-anon-ok", "1");
       log_access_verdict(APLOG_MARK, r, 1, FALSE, repos_path, dest_repos_path);
       return OK;
     }

Modified: subversion/trunk/subversion/mod_dav_svn/mod_dav_svn.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/mod_dav_svn/mod_dav_svn.c?rev=1845204&r1=1845203&r2=1845204&view=diff
==============================================================================
--- subversion/trunk/subversion/mod_dav_svn/mod_dav_svn.c (original)
+++ subversion/trunk/subversion/mod_dav_svn/mod_dav_svn.c Tue Oct 30 09:04:14 2018
@@ -1258,7 +1258,7 @@ static int dav_svn__translate_name(reque
 
   /* Leave a note to ourselves so that we know not to decline in the
    * map_to_storage hook. */
-  apr_table_setn(r->notes, NO_MAP_TO_STORAGE_NOTE, (const char*)1);
+  apr_table_setn(r->notes, NO_MAP_TO_STORAGE_NOTE, "1");
   return OK;
 }
 



Mime
View raw message