* mod_authn_dbd: apr_pstrdup dbd_password and dbd_hash to fix use-after-free

author Jan Kaluža <jkaluza@apache.org>

Tue, 3 Mar 2015 11:12:18 +0000 (11:12 +0000)

committer Jan Kaluža <jkaluza@apache.org>

Tue, 3 Mar 2015 11:12:18 +0000 (11:12 +0000)
author Jan Kaluža <jkaluza@apache.org>
Tue, 3 Mar 2015 11:12:18 +0000 (11:12 +0000)
committer Jan Kaluža <jkaluza@apache.org>
Tue, 3 Mar 2015 11:12:18 +0000 (11:12 +0000)
diff --git a/modules/aaa/mod_authn_dbd.c b/modules/aaa/mod_authn_dbd.c

index 421295bfe42064d786e3a3406156ffb250c7ea51..4beceabf9219e397c008b930feda3bbd1a27760a 100644 (file)
--- a/modules/aaa/mod_authn_dbd.c
+++ b/modules/aaa/mod_authn_dbd.c
@@ -174,7 +174,8 @@ static authn_status authn_dbd_password(request_rec *r, const char *user,
                  i++;
              }
  #endif
-            dbd_password = apr_dbd_get_entry(dbd->driver, row, 0);
+            dbd_password = apr_pstrdup(r->pool,
+                                       apr_dbd_get_entry(dbd->driver, row, 0));
          }
          /* we can't break out here or row won't get cleaned up */
      }
@@ -269,7 +270,8 @@ static authn_status authn_dbd_realm(request_rec *r, const char *user,
                  i++;
              }
  #endif
-            dbd_hash = apr_dbd_get_entry(dbd->driver, row, 0);
+            dbd_hash = apr_pstrdup(r->pool,
+                                   apr_dbd_get_entry(dbd->driver, row, 0));
          }
          /* we can't break out here or row won't get cleaned up */
      }
author	Jan Kaluža <jkaluza@apache.org>
	Tue, 3 Mar 2015 11:12:18 +0000 (11:12 +0000)
committer	Jan Kaluža <jkaluza@apache.org>
	Tue, 3 Mar 2015 11:12:18 +0000 (11:12 +0000)