Summary: | [PATCH] mod_authz_dbd segfaults when AuthzDBDQuery missing | ||
---|---|---|---|
Product: | Apache httpd-2 | Reporter: | Lubos Uhliarik <luhliari> |
Component: | mod_authz_dbd | Assignee: | Apache HTTPD Bugs Mailing List <bugs> |
Status: | RESOLVED FIXED | ||
Severity: | normal | Keywords: | FixedInTrunk, PatchAvailable |
Priority: | P2 | ||
Version: | 2.4.27 | ||
Target Milestone: | --- | ||
Hardware: | PC | ||
OS: | Linux | ||
Attachments: | Patch fixing this issue |
Thanks for the report and patch. Fixed in trunk in r1809209. Some small tweaks added (some extra blank lines and no need to initialize dbd to NULL) |
Created attachment 35340 [details] Patch fixing this issue mod_authz_dbd segfaults when AuthzDBDQuery is missing in httpd configuration. <Location /moria> AuthName "The Mines of Moria" AuthType Basic AuthBasicProvider dbd AuthDBDUserPWQuery "SELECT password FROM users WHERE username = %s" Require dbd-group istari #AuthzDBDQuery "SELECT groupname FROM groups WHERE username = %s" </Location> Since AuthzDBDQuery is not set, authz_dbd_prepare is not called and therefore dbd_handle remains NULL. This causes segmentation fault, if authz_dbd_login or authz_dbd_group_query functions are triggered, because in the variable initialization is this code: ap_dbd_t *dbd = dbd_handle(r); I moved it after check, if cfg->query is NULL.