From: Jan Kaluža <jkaluza@apache.org>
Date: Tue, 3 Mar 2015 11:12:18 +0000 (+0000)
Subject: * mod_authn_dbd: apr_pstrdup dbd_password and dbd_hash to fix use-after-free
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=228a45dafeceade8b62ee7d68c29a540489084a8;p=thirdparty%2Fapache%2Fhttpd.git

* mod_authn_dbd: apr_pstrdup dbd_password and dbd_hash to fix use-after-free
bug with postgresql


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1663647 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/aaa/mod_authn_dbd.c b/modules/aaa/mod_authn_dbd.c
index 421295bfe42..4beceabf921 100644
--- a/modules/aaa/mod_authn_dbd.c
+++ b/modules/aaa/mod_authn_dbd.c
@@ -174,7 +174,8 @@ static authn_status authn_dbd_password(request_rec *r, const char *user,
                 i++;
             }
 #endif
-            dbd_password = apr_dbd_get_entry(dbd->driver, row, 0);
+            dbd_password = apr_pstrdup(r->pool,
+                                       apr_dbd_get_entry(dbd->driver, row, 0));
         }
         /* we can't break out here or row won't get cleaned up */
     }
@@ -269,7 +270,8 @@ static authn_status authn_dbd_realm(request_rec *r, const char *user,
                 i++;
             }
 #endif
-            dbd_hash = apr_dbd_get_entry(dbd->driver, row, 0);
+            dbd_hash = apr_pstrdup(r->pool,
+                                   apr_dbd_get_entry(dbd->driver, row, 0));
         }
         /* we can't break out here or row won't get cleaned up */
     }