Posted to bugs@httpd.apache.org by bu...@apache.org on 2012/12/22 19:37:49 UTC
[Bug 54344] New: Found lack of sanity checks for malloc() in file ab.c
https://issues.apache.org/bugzilla/show_bug.cgi?id=54344
Bug ID: 54344
Summary: Found lack of sanity checks for malloc() in file ab.c
Product: Apache httpd-2
Version: 2.4.3
Hardware: PC
OS: Windows XP
Status: NEW
Severity: normal
Priority: P2
Component: All
Assignee: bugs@httpd.apache.org
Reporter: wp02855@gmail.com
Classification: Unclassified
Created attachment 29791
--> https://issues.apache.org/bugzilla/attachment.cgi?id=29791&action=edit
patch file for httpd-2.4.3/support/ab.c
In directory 'httpd-2.4.3/support', file 'ab.c', function
'ssl_proceed_handshake', I found an instance of a call to
malloc() without a check for a return value of NULL, indicating
failure. Additionally, I found no instance where free() is
called to release the allocated memory prior to leaving
the function, causing the potential for a memory leak.
The patch file is below:
--- ab.c.orig 2012-12-21 17:21:39.451547287 -0800
+++ ab.c 2012-12-21 17:23:50.502769885 -0800
@@ -622,6 +622,10 @@
pk_bits = 0; /* Anon DH */
ssl_info = malloc(128);
+ if (ssl_info == NULL) {
+ fprintf(stderr, "ab: Could not allocate ssl_info data
buffer\n");
+ return;
+ }
apr_snprintf(ssl_info, 128, "%s,%s,%d,%d",
SSL_CIPHER_get_version(ci),
SSL_CIPHER_get_name(ci),
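Review bot: The NULL check added after `ssl_info = malloc(128);` addresses only the first half of the report; nothing in this hunk frees `ssl_info`, so the leak described above remains unless the buffer is released elsewhere or its ownership is documented at the allocation. The bare `return;` on failure also leaves ssl_proceed_handshake without signalling the error to its caller beyond the stderr message, so it is worth confirming that the caller copes with a handshake that stopped at this point. As posted inline, the `fprintf` string literal is wrapped across two lines, so this copy will not apply or compile; use the attachment or rejoin the line. The size 128 is repeated in `malloc(128)` and `apr_snprintf(ssl_info, 128, ...)`; a single named constant would keep the two in sync.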
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 54344] Found lack of sanity checks for malloc() in file ab.c
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=54344
--- Comment #1 from Christophe JAILLET <ch...@wanadoo.fr> ---
Thanks for the report.
Fixed in trunk in r1488492.
[Bug 54344] Found lack of sanity checks for malloc() in file ab.c
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=54344
Christophe JAILLET <ch...@wanadoo.fr> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #2 from Christophe JAILLET <ch...@wanadoo.fr> ---
Fixed in trunk and back-ported to 2.4.x branch with a different approach.
See r1554214.
Will be part of 2.4.8.