On 30.10.2018 10:04, rpluem_at_apache.org wrote:
> Author: rpluem
> Date: Tue Oct 30 09:04:14 2018
> New Revision: 1845204
>
> URL: http://svn.apache.org/viewvc?rev=1845204&view=rev
> Log:
> Fix issue SVN-4782: Do not use (const char*)1 in httpd modules as value for r->notes.
>
> mod_authz_svn.c and mod_dav_svn.c add keys to r->notes to memorize boolean
> states (FORCE_AUTHN_NOTE, IN_SOME_AUTHN_NOTE, authz_svn-anon-ok,
> NO_MAP_TO_STORAGE_NOTE). They use (const char*)1 as values for the keys. This
> causes any call to apr_table_clone for r->notes to crash with a SEGFAULT,
> because (const char*)1 is an invalid address. mod_http2 in httpd calls
> apr_table_clone for r->notes and hence the httpd process crashes.
> Hence replace the value of (const char*)1 in these cases with a value of "1".
>
> * subversion/mod_authz_svn/mod_authz_svn.c
> (access_checker, check_user_id): Replace value of (const char*)1 with "1"
> in apr_table_setn calls for r->notes table for keys FORCE_AUTHN_NOTE,
> IN_SOME_AUTHN_NOTE, authz_svn-anon-ok to set a value with an valid address.
>
> * subversion/mod_authz_svn/mod_dav_svn.c
> (dav_svn__translate_name): Replace value of (const char*)1 with "1"
> in apr_table_setn calls for r->notes table for keys NO_MAP_TO_STORAGE_NOTE
> to set a value with an valid address.
Hi Ruediger,
This looks perfect, thank you. It's important enough to be added to
CHANGES, in the server-side bugfixes section, so please add a line
there, for 1.12.0.
The backport process is similar to APR's and I assume httpd's, we use a
STATUS file for nominations with 3 PMC +1 required for core changes. We
have a script for proposing backports, here's an example:
[[[
.../repos/1.11.x$ ../trunk/tools/dist/nominate.pl r1845204 "Prevents a crash in mod_http2."
Index: STATUS
===================================================================
--- STATUS (revision 1845205)
+++ STATUS (working copy)
@@ -48,6 +48,14 @@ Candidate changes:
Votes:
+1: brane
+ * r1845204
+ Fix issue SVN-4782: Do not use (const char*)1 in httpd modules as value for
+ r->notes.
+ Justification:
+ Prevents a crash in mod_http2.
+ Votes:
+ +1: brane
+
Veto-blocked changes:
=====================
Commit this nomination?
]]]
(typing y<enter> will commit, anything else will revert the change to
STATUS).
Our currently maintained branches are 1.9.x, 1.10.x and 1.11.x; fixing a
crash is important enough to backport to all of them. Your vote won't be
binding since you're not a PMC member, but there's nothing wrong with
keeping it there.
Also, please always use the trunk version of the nominate.pl script.
-- Brane
Received on 2018-10-30 10:23:04 CET