From: Jeff Trawick Date: Mon, 13 Oct 2003 19:18:21 +0000 (+0000) Subject: merge this fix into the stable branch: X-Git-Tag: 2.0.48~15 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=43b1a9358c405cbb475b22e89f3fd0fe993d4341;p=thirdparty%2Fapache%2Fhttpd.git merge this fix into the stable branch: mod_cgid: fix a hash table corruption problem which could result in the wrong script being cleaned up at the end of a request. Reviewed by: stoddard, gregames git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/APACHE_2_0_BRANCH@101438 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index f51d3a08838..98fbfd61858 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,9 @@ Changes with Apache 2.0.48 + *) mod_cgid: fix a hash table corruption problem which could + result in the wrong script being cleaned up at the end of a + request. [Jeff Trawick] + *) Update httpd-*.conf to be clearer in describing the connection between AddType and AddEncoding for defining the meaning of compressed file extensions. [Roy Fielding] diff --git a/STATUS b/STATUS index 88209db8c79..fa8c8eedc83 100644 --- a/STATUS +++ b/STATUS @@ -1,5 +1,5 @@ APACHE 2.0 STATUS: -*-text-*- -Last modified at [$Date: 2003/10/13 17:28:08 $] +Last modified at [$Date: 2003/10/13 19:18:21 $] Release: @@ -260,12 +260,6 @@ PATCHES TO BACKPORT FROM 2.1 modules/generators/mod_info.c r1.151 +1: trawick - * mod_cgid: fix a hash table corruption problem which could - result in the wrong script being cleaned up at the end of a - request. - modules/generators/mod_cgid.c r1.157 - +1: trawick, stoddard, gregames - * httpd-2.0's config parser is incompatible with httpd-1.3's one, which allowed containers like . httpd-2.0's config parser doesn't like container directives with no arguments (Syntax diff --git a/modules/generators/mod_cgid.c b/modules/generators/mod_cgid.c index 3b009a218cb..289c074d8be 100644 --- a/modules/generators/mod_cgid.c +++ b/modules/generators/mod_cgid.c 
@@ -769,7 +769,26 @@ static int cgid_server(void *data)
 apr_filename_of_pathname(r->filename));
 }
 else {
- apr_hash_set(script_hash, &cgid_req.conn_id, sizeof(cgid_req.conn_id),
+ /* We don't want to leak storage for the key, so only allocate
+ * a key if the key doesn't exist yet in the hash; there are
+ * only a limited number of possible keys (one for each
+ * possible thread in the server), so we can allocate a copy
+ * of the key the first time a thread has a cgid request.
+ * Note that apr_hash_set() only uses the storage passed in
+ * for the key if it is adding the key to the hash for the
+ * first time; new key storage isn't needed for replacing the
+ * existing value of a key.
+ */
+ void *key;
+
+ if (apr_hash_get(script_hash, &cgid_req.conn_id, sizeof(cgid_req.conn_id))) {
+ key = &cgid_req.conn_id;
+ }
+ else {
+ key = apr_pcalloc(pcgi, sizeof(cgid_req.conn_id));
+ memcpy(key, &cgid_req.conn_id, sizeof(cgid_req.conn_id));
+ }
+ apr_hash_set(script_hash, key, sizeof(cgid_req.conn_id),
 (void *)procnew->pid);
 }
 }
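Review bot: The new comment's claim that key allocations are bounded ("one for each possible thread in the server") holds only if `cgid_req.conn_id` can take no more than that many distinct values, and nothing in this hunk enforces it. Every previously unseen `conn_id` takes `sizeof(cgid_req.conn_id)` bytes from `pcgi` that are not released here, so if the request structure is filled from data the daemon receives (the code that populates it is outside the hunk, as are the start and end of `cgid_server`), the bound is only as strong as the validation done there. I would state the assumption in the comment, for example `* This relies on conn_id having been range-checked before this point; unchecked values would grow pcgi without limit.`, or add such a check where the request is read. The presence test also treats a NULL return from `apr_hash_get()` as "key absent", which is safe only if no entry is ever removed from `script_hash` elsewhere; if entries are removed, the earlier key copy is orphaned and a fresh one is allocated on the next request for that `conn_id`.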