r1663647 | jkaluza | 2015-03-03 12:12:18 +0100 (Tue, 03 Mar 2015) | 3 lines
* mod_authn_dbd: apr_pstrdup dbd_password and dbd_hash to fix use-after-free
bug with postgresql
r1679182 | ylavic | 2015-05-13 13:35:22 +0200 (Wed, 13 May 2015) | 1 line
Follup up to r1679181: CHANGES entry.
Reviewed by: ylavic, rjung, wrowe
Backported by: ylavic
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@
1681044 13f79535-47bb-0310-9956-
ffa450edef68
conf/extra/httpd-ssl.conf file are now global in scope, affecting all
VirtualHosts (matching 2.4 default configuration). [William Rowe]
+ *) mod_authn_dbd: Fix lifetime of DB lookup entries independently of the
+ selected DB engine. PR 46421. [Jan Kaluza].
+
*) Turn static function get_server_name_for_url() into public
ap_get_server_name_for_url() and use it where appropriate. This
fixes mod_rewrite generating invalid URLs for redirects to IPv6
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * mod_authn_dbd: Fix lifetime of DB lookup entries independently of the
- selected DB engine. PR 46421.
- trunk patch: http://svn.apache.org/r1663647
- http://svn.apache.org/r1679182
- 2.2.x patch: http://people.apache.org/~ylavic/httpd-2.2.x-apr_dbd_get_entry_lifetime.patch
- (trunk works but the patch includes a CHANGES entry relative to 2.2.x only)
- +1: ylavic, rjung, wrowe
-
* mpm_winnt service.c: Accept utf-8 service names/descriptions for i18n.
trunk patches: http://svn.apache.org/r1611165
http://svn.apache.org/r1611169
i++;
}
#endif
- dbd_password = apr_dbd_get_entry(dbd->driver, row, 0);
+ dbd_password = apr_pstrdup(r->pool,
+ apr_dbd_get_entry(dbd->driver, row, 0));
}
/* we can't break out here or row won't get cleaned up */
}
i++;
}
#endif
- dbd_hash = apr_dbd_get_entry(dbd->driver, row, 0);
+ dbd_hash = apr_pstrdup(r->pool,
+ apr_dbd_get_entry(dbd->driver, row, 0));
}
/* we can't break out here or row won't get cleaned up */
}
projects / thirdparty / apache / httpd.git / commitdiff
