[SVN-4782] Using (const char*)1 in Apache HTTP server modules as value for r->notes cause httpd to crash - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.9.x, trunk, 1.10.x, 1.11.x
Fix Version/s: 1.14.0
Component/s: None
Labels:
- patch
Environment:

All environments

Description

mod_authz_svn.c and mod_dav_svn.c add keys to r->notes to memorize boolean states (FORCE_AUTHN_NOTE, IN_SOME_AUTHN_NOTE, authz_svn-anon-ok, NO_MAP_TO_STORAGE_NOTE). They use (const char*)1 as values for the keys. This causes any call to apr_table_clone for r->notes to crash with a SEGFAULT, because (const char*)1 is an invalid address. mod_http2 in httpd calls apr_table_clone for r->notes and hence the httpd process crashes. The attached patch (against trunk) replaces the value of (const char*)1 in these cases with a value of "1".

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

notes_fix.diff
29/Oct/18 07:49
2 kB
Ruediger Pluem

Activity

People

Assignee:: Unassigned

Reporter:: Ruediger Pluem

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 29/Oct/18 08:00

Updated:: 05/Oct/23 08:27

Resolved:: 30/Oct/18 20:51