Fix memory corruption problem with ap_custom_response() function.
authorBill Stoddard <stoddard@apache.org>
Thu, 25 Mar 2004 02:07:28 +0000 (02:07 +0000)
committerBill Stoddard <stoddard@apache.org>
Thu, 25 Mar 2004 02:07:28 +0000 (02:07 +0000)
The core per-dir config would later point to request pool data
that would be reused for different purposes on different requests.

This is based on an old 1.3 patch submitted by Will Lowe.
It needs a minor tweak before committing to 1.3, but he had
it pretty darn close.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/APACHE_2_0_BRANCH@103141 13f79535-47bb-0310-9956-ffa450edef68

STATUS
include/http_core.h
server/core.c

diff --git a/STATUS b/STATUS
index ff8f26f213ad5473cc7e5b61b0e8fff8ecbbd358..d2616dea58517e5a139cc474292aaaa12d3aee1d 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -1,5 +1,5 @@
 APACHE 2.0 STATUS:                                              -*-text-*-
-Last modified at [$Date: 2004/03/25 00:15:21 $]
+Last modified at [$Date: 2004/03/25 02:07:27 $]
 
 Release:
 
@@ -101,13 +101,6 @@ PATCHES TO BACKPORT FROM 2.1
            server/listen.c: r1.101
        +1: trawick, stoddard, rederpj
 
-    *) Fix memory corruption problem with ap_custom_response()
-       function.  This turns Apache + a popular third-party module
-       into a crash-a-matic :(
-           include/http_core.h: r1.82
-           server/core.c: r1.268
-       +1: trawick, stoddard, rederpj
-
     *) Limit the concurrency in 'ab' to MAX_CONCURRENCY to prevent a 
        segmentation fault.
            support/ab.c: r1.140, r1.141
index dc51aa97b2f9f079fb185d794696845f561629f9..2e8fb472bccd1564724345596584090f1c639d69 100644 (file)
@@ -324,6 +324,13 @@ typedef struct {
      * won't actually be delivered as the response for the non-GET method.
      */
     int deliver_script;
+
+    /* Custom response strings registered via ap_custom_response(),
+     * or NULL; check per-dir config if nothing found here
+     */
+    char **response_code_strings; /* from ap_custom_response(), not from
+                                   * ErrorDocument
+                                   */
 } core_request_config;
 
 /* Standard entries that are guaranteed to be accessible via
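Review bot: The new `response_code_strings` member of core_request_config carries two comments that say the same thing, and neither states the array's size or lifetime. A single comment would do, for example `/* custom responses from ap_custom_response() (not ErrorDocument): NULL, or RESPONSE_CODES entries allocated from the request pool; the per-dir config is consulted when an entry is NULL */`. The size and pool are taken from the allocation in ap_custom_response() in server/core.c. The struct definition starts outside this hunk.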
@@ -426,7 +433,8 @@ typedef struct {
      * This lets us do quick merges in merge_core_dir_configs().
      */
   
-    char **response_code_strings;
+    char **response_code_strings; /* from ErrorDocument, not from
+                                   * ap_custom_response() */
 
     /* Hostname resolution etc */
 #define HOSTNAME_LOOKUP_OFF    0
index dba35dd4742dd86705549ae4073acbefb51fe091..fb0aac799326726351a74d5855fa76e969ac1c2f 100644 (file)
@@ -678,16 +678,26 @@ AP_DECLARE(int) ap_satisfies(request_rec *r)
 
 char *ap_response_code_string(request_rec *r, int error_index)
 {
-    core_dir_config *conf;
+    core_dir_config *dirconf;
+    core_request_config *reqconf;
 
-    conf = (core_dir_config *)ap_get_module_config(r->per_dir_config,
-                                                   &core_module);
+    /* check for string registered via ap_custom_response() first */
+    reqconf = (core_request_config *)ap_get_module_config(r->request_config,
+                                                          &core_module);
+    if (reqconf->response_code_strings != NULL &&
+        reqconf->response_code_strings[error_index] != NULL) {
+        return reqconf->response_code_strings[error_index];
+    }
 
-    if (conf->response_code_strings == NULL) {
-        return NULL;
+    /* check for string specified via ErrorDocument */
+    dirconf = (core_dir_config *)ap_get_module_config(r->per_dir_config,
+                                                      &core_module);
+
+    if (dirconf->response_code_strings == NULL) {
+       return NULL;
     }
 
-    return conf->response_code_strings[error_index];
+    return dirconf->response_code_strings[error_index];
 }
 
 
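Review bot: `error_index` indexes both `reqconf->response_code_strings` and `dirconf->response_code_strings` in ap_response_code_string() with no range check, while the per-request array is allocated with exactly RESPONSE_CODES entries in ap_custom_response(). The callers are outside this hunk and may already guarantee a valid index, but an out-of-range value would return whatever pointer lies beyond the array. A guard at the top, `if (error_index < 0 || error_index >= RESPONSE_CODES) return NULL;`, would make the lookup safe on its own. `reqconf` is also dereferenced without a NULL check, which presumes every request_rec reaching this function has a core request config. The `return NULL;` under the `dirconf` test is indented one column short of the surrounding code.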
@@ -1100,11 +1110,11 @@ static const char *set_document_root(cmd_parms *cmd, void *dummy,
 AP_DECLARE(void) ap_custom_response(request_rec *r, int status,
                                     const char *string)
 {
-    core_dir_config *conf =
-        ap_get_module_config(r->per_dir_config, &core_module);
+    core_request_config *conf =
+        ap_get_module_config(r->request_config, &core_module);
     int idx;
 
-    if(conf->response_code_strings == NULL) {
+    if (conf->response_code_strings == NULL) {
         conf->response_code_strings =
             apr_pcalloc(r->pool,
                         sizeof(*conf->response_code_strings) * RESPONSE_CODES);
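Review bot: Nothing at the allocation in ap_custom_response() records why `r->pool` is now the right pool, although matching the array's lifetime to its owner is the point of the fix. A comment above the `apr_pcalloc` call, such as `/* per-request array: allocated from r->pool and referenced only from the request config, so it cannot outlive the request */`, would discourage a later change from pointing longer-lived config at this data again. The local is still named `conf`, whereas ap_response_code_string() now uses `reqconf` and `dirconf`; naming it `reqconf` here would make the two functions read consistently. The function body continues past the end of this hunk.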