From: Joe Orton <jorton@apache.org>
Date: Tue, 30 Aug 2005 11:49:27 +0000 (+0000)
Subject: Merge r179763 from trunk:
X-Git-Tag: 2.0.55~64
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0d1d45abc54721a982620f8244d5a2079fa6b777;p=thirdparty%2Fapache%2Fhttpd.git

Merge r179763 from trunk:

* modules/filters/mod_include.c (handle_include): Fix possible
variable corruption with nested includes.

PR: 12655
Reviewed by: jorton, nd, jerenkrantz


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@264762 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 683c5bd75b9..445e96b7b98 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.0.55
 
+  *) mod_include: Fix possible environment variable corruption when 
+     using nested includes.  PR 12655.  [Joe Orton]
+
   *) Support the suppress-error-charset setting, as with Apache 1.3.x.
      PR 31274.  [Jeff Trawick]
 
diff --git a/STATUS b/STATUS
index fa88e6d2ba5..a3d39e93c5d 100644
--- a/STATUS
+++ b/STATUS
@@ -198,14 +198,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
          modules/proxy/mod_proxy_ftp.c: r231044
        +1: minfrin, jim, nd
 
-    *) mod_include: Fix possible variable corruption with nested
-       includes.
-         http://svn.apache.org/viewcvs?rev=179763&view=rev
-       2.0.x patch: http://people.apache.org/~jorton/ap_pr12655.patch
-       test case in perl-framework/t/modules/include.t
-       PR: 12655
-       +1: jorton, nd, jerenkrantz
-
     *) mod_auth_digest: Fix hostinfo validation for CONNECT requests.
          http://svn.apache.org/viewcvs.cgi?rev=193127&view=rev
        +1: jorton, nd, jerenkrantz
diff --git a/modules/filters/mod_include.c b/modules/filters/mod_include.c
index ee45a086dac..c1a252b5acf 100644
--- a/modules/filters/mod_include.c
+++ b/modules/filters/mod_include.c
@@ -788,11 +788,11 @@ static int handle_include(include_ctx_t *ctx, apr_bucket_brigade **bb,
                     CREATE_ERROR_BUCKET(ctx, tmp_buck, head_ptr, 
                                         *inserted_head);
                 }
-
-                /* destroy the sub request */
-                if (rr != NULL) {
-                    ap_destroy_sub_req(rr);
-                }
+                
+                /* Do *not* destroy the subrequest here; it may have allocated
+                 * variables in this r->subprocess_env in the subrequest's
+                 * r->pool, so that pool must survive as long as this request.
+                 * Yes, this is a memory leak. */
             }
             else {
                 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,