From: Eric Covener
Date: Fri, 22 Jul 2016 12:47:42 +0000 (+0000)
Subject: Merge r1752415 from trunk:
X-Git-Tag: 2.4.24~356
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e0397b40f7dcd4de5f3e2a005ce7124bf916eca3;p=thirdparty%2Fapache%2Fhttpd.git
Merge r1752415 from trunk:
PR59844: stack-allocated ap_expr_info_t returned from mod_include
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1753782 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/CHANGES b/CHANGES
index ad4a6581e17..6dac76e4f17 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,9 @@ Changes with Apache 2.4.24 + *) mod_include: Fix a potential memory misuse while evaluating expressions. + PR59844. [Eric Covener] + *) mod_http2: new H2CopyFiles directive that changes treatment of file handles in responses. Necessary in order to fix broken lifetime handling in modules such as mod_wsgi.
diff --git a/modules/filters/mod_include.c b/modules/filters/mod_include.c
index 5a6271c5f7b..a5e44fead7c 100644
--- a/modules/filters/mod_include.c
+++ b/modules/filters/mod_include.c
@@ -1588,17 +1588,17 @@ static int parse_expr(include_ctx_t *ctx, const char *expr, int *was_error)
 /* same as above, but use common ap_expr syntax / API */
 static int parse_ap_expr(include_ctx_t *ctx, const char *expr, int *was_error)
 {
- ap_expr_info_t expr_info;
+ ap_expr_info_t *expr_info = apr_pcalloc(ctx->pool, sizeof (*expr_info));
 const char *err;
 int ret;
 backref_t *re = ctx->intern->re;
 ap_expr_eval_ctx_t *eval_ctx = ctx->intern->expr_eval_ctx;
- expr_info.filename = ctx->r->filename;
- expr_info.line_number = 0;
- expr_info.module_index = APLOG_MODULE_INDEX;
- expr_info.flags = AP_EXPR_FLAG_RESTRICTED;
- err = ap_expr_parse(ctx->r->pool, ctx->r->pool, &expr_info, expr,
+ expr_info->filename = ctx->r->filename;
+ expr_info->line_number = 0;
+ expr_info->module_index = APLOG_MODULE_INDEX;
+ expr_info->flags = AP_EXPR_FLAG_RESTRICTED;
+ err = ap_expr_parse(ctx->r->pool, ctx->r->pool, expr_info, expr,
 include_expr_lookup);
 if (err) {
 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, ctx->r, APLOGNO(01337)
@@ -1634,7 +1634,7 @@ static int parse_ap_expr(include_ctx_t *ctx, const char *expr, int *was_error)
 eval_ctx->re_source = &re->source;
 }
- eval_ctx->info = &expr_info;
+ eval_ctx->info = expr_info;
 ret = ap_expr_exec_ctx(eval_ctx);
 if (ret < 0) {
 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, ctx->r, APLOGNO(01338)
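Review bot: The new `ap_expr_info_t` in the first hunk is allocated from `ctx->pool`, while the `ap_expr_parse` call a few lines below still passes `ctx->r->pool` for both pool arguments, so the struct and the parsed data attached to it can come from two differently named pools. Whether those pools share a lifetime is not visible in this hunk; if they ever differ, `eval_ctx->info` could point at a struct whose parsed content has already been released, which is the same class of lifetime bug this commit fixes. Allocating from the pool the parser uses, `ap_expr_info_t *expr_info = apr_pcalloc(ctx->r->pool, sizeof(*expr_info));`, or adding a comment that states why `ctx->pool` is the intended lifetime, would remove the ambiguity. The body of parse_ap_expr continues past the end of this hunk.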
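Review bot: Nothing at the `eval_ctx->info = expr_info;` assignment in the second hunk records why the struct can no longer be a local variable. `eval_ctx` is taken from `ctx->intern->expr_eval_ctx` in the first hunk, so it keeps this pointer after parse_ap_expr returns, and a later cleanup could easily reintroduce the stack variable. A one-line comment above the assignment would guard against that: `/* eval_ctx outlives this call; info must be pool-allocated, never a local */`. The function starts and ends outside this hunk.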