subversion-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Branko ─îibej <br...@apache.org>
Subject Re: svn commit: r1845204 - in /subversion/trunk/subversion: mod_authz_svn/mod_authz_svn.c mod_dav_svn/mod_dav_svn.c
Date Tue, 30 Oct 2018 09:22:56 GMT
On 30.10.2018 10:04, rpluem@apache.org wrote:
> Author: rpluem
> Date: Tue Oct 30 09:04:14 2018
> New Revision: 1845204
>
> URL: http://svn.apache.org/viewvc?rev=1845204&view=rev
> Log:
> Fix issue SVN-4782: Do not use (const char*)1 in httpd modules as value for r->notes.
>
> mod_authz_svn.c and mod_dav_svn.c add keys to r->notes to memorize boolean
> states (FORCE_AUTHN_NOTE, IN_SOME_AUTHN_NOTE, authz_svn-anon-ok,
> NO_MAP_TO_STORAGE_NOTE). They use (const char*)1 as values for the keys. This
> causes any call to apr_table_clone for r->notes to crash with a SEGFAULT,
> because (const char*)1 is an invalid address. mod_http2 in httpd calls
> apr_table_clone for r->notes and hence the httpd process crashes.
> Hence replace the value of (const char*)1 in these cases with a value of "1".
>
> * subversion/mod_authz_svn/mod_authz_svn.c
>   (access_checker, check_user_id): Replace value of (const char*)1 with "1"
>    in apr_table_setn calls for r->notes table for keys FORCE_AUTHN_NOTE,
>    IN_SOME_AUTHN_NOTE, authz_svn-anon-ok to set a value with an valid address.
>
> * subversion/mod_authz_svn/mod_dav_svn.c
>   (dav_svn__translate_name): Replace value of (const char*)1 with "1"
>    in apr_table_setn calls for r->notes table for keys NO_MAP_TO_STORAGE_NOTE
>    to set a value with an valid address.


Hi Ruediger,

This looks perfect, thank you. It's important enough to be added to
CHANGES, in the server-side bugfixes section, so please add a line
there, for 1.12.0.

The backport process is similar to APR's and I assume httpd's, we use a
STATUS file for nominations with 3 PMC +1 required for core changes. We
have a script for proposing backports, here's an example:

[[[
.../repos/1.11.x$ ../trunk/tools/dist/nominate.pl r1845204 "Prevents a crash in mod_http2."
Index: STATUS
===================================================================
--- STATUS	(revision 1845205)
+++ STATUS	(working copy)
@@ -48,6 +48,14 @@ Candidate changes:
    Votes:
      +1: brane
 
+ * r1845204
+   Fix issue SVN-4782: Do not use (const char*)1 in httpd modules as value for
+   r->notes.
+   Justification:
+     Prevents a crash in mod_http2.
+   Votes:
+     +1: brane
+
 Veto-blocked changes:
 =====================
 
Commit this nomination? 
]]]

(typing y<enter> will commit, anything else will revert the change to
STATUS).

Our currently maintained branches are 1.9.x, 1.10.x and 1.11.x; fixing a
crash is important enough to backport to all of them. Your vote won't be
binding since you're not a PMC member, but there's nothing wrong with
keeping it there.

Also, please always use the trunk version of the nominate.pl script.

-- Brane


Mime
View raw message