* modules/dav/fs/lock.c (dav_size_indirect): Fix indirect lock record
handling on 64-bit platforms: use correct size of apr_datum_t.dsize
field.
* modules/dav/fs/lock.c (dav_fs_refresh_locks): Fix SEGV on refresh of
indirect lock.
PR: 31183
Reviewed by: jerenkrantz, striker
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/APACHE_2_0_BRANCH@105125 13f79535-47bb-0310-9956-ffa450edef68
Changes with Apache 2.0.51
+ *) SECURITY: CAN-2004-0809 (cve.mitre.org)
+ mod_dav_fs: Fix a segfault in the handling of an indirect lock
+ refresh. PR 31183. [Joe Orton]
+
*) Add -l option to rotatelogs to let it use local time rather than
UTC. PR 24417. [Ken Coar, Uli Zappe <uli ritual.org>]
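Review bot: The added CHANGES entry documents only the indirect lock refresh segfault (PR 31183); the 64-bit indirect lock record fix, listed first in this commit's log, has no entry. That fix changes how the stored `key_size` field is sized, so add a second sentence to this entry, or a separate entry, so that administrators on 64-bit platforms see it in the 2.0.51 notes.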
APACHE 2.0 STATUS: -*-text-*-
-Last modified at [$Date: 2004/09/15 07:58:37 $]
+Last modified at [$Date: 2004/09/15 08:26:44 $]
Release:
[ please place file names and revisions from HEAD here, so it is easy to
identify exactly what the proposed changes are! ]
- *) mod_dav_fs: Fix indirect lock record handling on 64-bit platforms.
- http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/dav/fs/lock.c?r1=1.31&r2=1.32
- jerenkrantz asks: Won't this break already existing lock DBs?
- (Joe comments in msg below they'd already be broken.)
- Message-ID: <20040913161345.GD29591@redhat.com>
- +1: jorton, jerenkrantz, striker
-
- *) mod_dav_fs: Fix indirect lock refresh.
- http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/dav/fs/lock.c?r1=1.32&r2=1.33
- +1: jorton, jerenkrantz, striker
- PR: 31183 (yes, I will do a CHANGES entry too)
-
*) ap_rgetline_core correctness fix.
http://cvs.apache.org/viewcvs.cgi/httpd-2.0/server/protocol.c?r1=1.151&r2=1.152
+1: jorton, jerenkrantz
** INDIRECT LOCK: [char (DAV_LOCK_INDIRECT),
** apr_uuid_t locktoken,
** time_t expires,
-** int key_size,
+** apr_size_t key_size,
** char[] key]
** The key is to the collection lock that resulted in this indirect lock
*/
/* Stored indirect lock info - lock token and apr_datum_t */
#define dav_size_indirect(a) (1 + sizeof(apr_uuid_t) \
+ sizeof(time_t) \
- + sizeof(int) + (a)->key.dsize)
+ + sizeof((a)->key.dsize) + (a)->key.dsize)
/*
** The lockdb structure.
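Review bot: In `dav_size_indirect` the size term now follows the type of `key.dsize`, while the format comment above it hard-codes `apr_size_t key_size`, so the two agree only as long as `apr_datum_t.dsize` stays an `apr_size_t`. The code that writes and reads the indirect record is not part of this hunk; please confirm it copies the key size with the same `sizeof((a)->key.dsize)` width, otherwise the macro and the serialized record disagree again. It would also help to state in the format comment that the width of `key_size` depends on the platform's `apr_size_t`.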
}
if (dav_fs_do_refresh(dp_scan, ltl, new_time)) {
/* the lock was refreshed. return the lock. */
- newlock = dav_fs_alloc_lock(lockdb, ip->key, dp->locktoken);
+ newlock = dav_fs_alloc_lock(lockdb, ip->key, dp_scan->locktoken);
newlock->is_locknull = !resource->exists;
- newlock->scope = dp->f.scope;
- newlock->type = dp->f.type;
- newlock->depth = dp->f.depth;
- newlock->timeout = dp->f.timeout;
- newlock->owner = dp->owner;
+ newlock->scope = dp_scan->f.scope;
+ newlock->type = dp_scan->f.type;
+ newlock->depth = dp_scan->f.depth;
+ newlock->timeout = dp_scan->f.timeout;
+ newlock->owner = dp_scan->owner;
newlock->auth_user = dp_scan->auth_user;
newlock->next = *locks;
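Review bot: Nothing in this branch keeps `dp` from being confused with `dp_scan` again: the removed lines read `dp->locktoken`, `dp->f.*` and `dp->owner` inside a block that tests `dp_scan`, while the unchanged `newlock->auth_user = dp_scan->auth_user;` just below already used the right pointer. Consider narrowing the scope of `dp` or giving it a more distinct name so it is not usable here, and add a regression test that refreshes an indirect lock, the case from PR 31183.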