www-apache-bugdb mailing list archives

From Dean Gaudet <dgau...@arctic.org>
Subject Re: mod_cern_meta/1500: mod_cern_meta corrupts memory pool
Date Mon, 08 Dec 1997 22:40:01 GMT
The following reply was made to PR mod_cern_meta/1500; it has been noted by GNATS.

From: Dean Gaudet <dgaudet@arctic.org>
To: Joe Condon <joecondon@unn.unisys.com>
Cc: Roy Wood <roywood@unn.unisys.com>, apbugs@apache.org
Subject: Re: mod_cern_meta/1500: mod_cern_meta corrupts memory pool
Date: Mon, 8 Dec 1997 14:42:44 -0800 (PST)

 On Mon, 8 Dec 1997, Joe Condon wrote:
 > r->connection->user value is the value that is getting hammered. This value
 > is set in the http_protocol.c source file in function get_basic_auth_pw()
 > at approximately line 1019.
 > 1019 r->connection->user = getword_nulls_nc(r->pool, &t, ':');
 > Storage allocation for this value occurs in the getword_nulls_nc() function
 > and it is allocated from the memory pool r->pool passed to the function.
 Excellent, thanks for looking into this in such depth.  The problem is
 that those allocations clearly should be made from r->connection->pool,
 because they have the same lifetime as r->connection.  Try this patch. 
 --- http_protocol.c.dist	Mon Dec  8 14:29:51 1997
 +++ http_protocol.c	Mon Dec  8 14:35:26 1997
 @@ -935,7 +935,11 @@
      t = uudecode (r->pool, auth_line);
 -    r->connection->user = getword_nulls_nc (r->pool, &t, ':');
 +    /* Note that this allocation has to be made from r->connection->pool
 +     * because it has the lifetime of the connection.  The other allocations
 +     * are temporary and can be tossed away any time.
 +     */
 +    r->connection->user = getword_nulls_nc (r->connection->pool, &t, ':');
      r->connection->auth_type = "Basic";
      *pw = t;
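
Review bot: The new getword_nulls_nc (r->connection->pool, &t, ':') call allocates a fresh copy of the user name every time this code decodes an auth line, so a connection that carries several authenticated requests keeps adding copies to r->connection->pool and none is released until the connection closes. Consider reusing the existing r->connection->user when the decoded name is unchanged, or note in the comment that the growth is bounded by the number of requests on the connection. The comment could also say explicitly that *pw = t still points into the r->pool buffer returned by uudecode (r->pool, auth_line), so callers must not keep the password past the request.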

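
The lifetime mismatch discussed in the message above, as an added example that is not part of the original message or of Apache's code. It assumes a toy bump allocator; `pool`, `pool_strdup`, `pool_clear`, `conn` and the sample strings are constructed stand-ins, not Apache's pool API.

```c
#include <stdio.h>
#include <string.h>

/* Toy bump allocator standing in for a memory pool (hypothetical, simplified). */
typedef struct { char buf[128]; size_t used; } pool;

/* Copy s into the pool and return the copy, or NULL if the pool is full. */
static const char *pool_strdup(pool *p, const char *s) {
    size_t n = strlen(s) + 1;
    if (p->used + n > sizeof p->buf) return NULL;
    char *dst = p->buf + p->used;
    memcpy(dst, s, n);
    p->used += n;
    return dst;
}

/* Clearing a pool releases everything in it at once; the storage is reused. */
static void pool_clear(pool *p) { memset(p->buf, 0, sizeof p->buf); p->used = 0; }

/* Connection record that outlives individual requests. */
typedef struct { pool conn_pool; const char *user; } conn;

/* Two requests on one connection. The user name is stored during request 1,
 * either from the connection pool (use_conn_pool != 0) or the request pool.
 * Returns 1 if conn.user still reads "alice" during request 2. */
static int user_survives(int use_conn_pool) {
    conn c = { .user = NULL };
    pool req_pool = { .used = 0 };

    /* Request 1: authentication stores the user on the connection. */
    c.user = pool_strdup(use_conn_pool ? &c.conn_pool : &req_pool, "alice");
    pool_clear(&req_pool);                   /* request 1 ends */

    /* Request 2: unrelated request-lifetime data reuses the same storage. */
    (void)pool_strdup(&req_pool, "X-Meta: value");   /* constructed sample */
    return strcmp(c.user, "alice") == 0;
}

int main(void) {
    printf("user from request pool survives:    %d\n", user_survives(0));
    printf("user from connection pool survives: %d\n", user_survives(1));
    return 0;
}
```
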