-*- coding: utf-8 -*-
Changes with Apache 2.0.55
+ *) mod_ldap: Fix PR 36563. Keep track of the number of attributes
+ retrieved from LDAP so that all of the values can be properly
+ cached even if the value is NULL.
+ [Brad Nicholes, Ondrej Sury <ondrej sury.org>]
+
*) SECURITY: CAN-2005-2491 (cve.mitre.org):
Fix integer overflows in PCRE in quantifier parsing which could
be triggered by a local user through use of a carefully-crafted
algorithims can be pretty "interesting", probably more
2.2.
- *) mod_ldap: Fix PR 36563. Keep track of the number of attributes
- retrieved from LDAP so that all of the values can be properly
- cached even if the value is NULL.
- http://issues.apache.org/bugzilla/attachment.cgi?id=16429
- or
- http://svn.apache.org/viewcvs.cgi?rev=156587&view=rev
- +1: bnicholes, minfrin, jim
-
PATCHES TO BACKPORT THAT ARE ON HOLD OR NOT GOING ANYWHERE SOON:
*) Replace some of the mutex locking in the worker MPM with
const char ***retvals)
{
const char **vals = NULL;
+ int numvals = 0;
int result = 0;
LDAPMessage *res, *entry;
char *dn;
int i = 0;
while (attrs[k++]);
vals = apr_pcalloc(r->pool, sizeof(char *) * (k+1));
+ numvals = k;
while (attrs[i]) {
char **values;
int j = 0;
the_search_node.bindpw = bindpw;
the_search_node.lastbind = apr_time_now();
the_search_node.vals = vals;
+ the_search_node.numvals = numvals;
/* Search again to make sure that another thread didn't ready insert this node
into the cache before we got here. If it does exist then update the lastbind */
const char ***retvals)
{
const char **vals = NULL;
+ int numvals = 0;
int result = 0;
LDAPMessage *res, *entry;
char *dn;
int i = 0;
while (attrs[k++]);
vals = apr_pcalloc(r->pool, sizeof(char *) * (k+1));
+ numvals = k;
while (attrs[i]) {
char **values;
int j = 0;
the_search_node.bindpw = NULL;
the_search_node.lastbind = apr_time_now();
the_search_node.vals = vals;
+ the_search_node.numvals = numvals;
/* Search again to make sure that another thread didn't ready insert this node
into the cache before we got here. If it does exist then update the lastbind */
/* copy vals */
if (node->vals) {
- int k = 0;
+ int k = node->numvals;
int i = 0;
- while (node->vals[k++]);
if (!(newnode->vals = util_ald_alloc(cache, sizeof(char *) * (k+1)))) {
util_ldap_search_node_free(cache, newnode);
return NULL;
}
- while (node->vals[i]) {
- if (!(newnode->vals[i] = util_ald_strdup(cache, node->vals[i]))) {
- util_ldap_search_node_free(cache, newnode);
- return NULL;
+ newnode->numvals = node->numvals;
+ for (;k;k--) {
+ if (node->vals[i]) {
+ if (!(newnode->vals[i] = util_ald_strdup(cache, node->vals[i]))) {
+ util_ldap_search_node_free(cache, newnode);
+ return NULL;
+ }
}
+ else
+ newnode->vals[i] = NULL;
i++;
}
}
{
int i = 0;
util_search_node_t *node = (util_search_node_t *)n;
+ int k = node->numvals;
+
if (node->vals) {
- while (node->vals[i]) {
- util_ald_free(cache, node->vals[i++]);
+ for (;k;k--,i++) {
+ if (node->vals[i]) {
+ util_ald_free(cache, node->vals[i]);
+ }
}
util_ald_free(cache, node->vals);
}
NULL if the bind failed */
apr_time_t lastbind; /* Time of last successful bind */
const char **vals; /* Values of queried attributes */
+ int numvals; /* Number of queried attributes */
} util_search_node_t;
/*
projects / thirdparty / apache / httpd.git / commitdiff
