You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by dg...@hyperreal.org on 1997/12/21 00:44:31 UTC
cvs commit: apachen/src/main http_protocol.c
dgaudet 97/12/20 15:44:31
Modified: src CHANGES
src/main http_protocol.c
Log:
Fix memory corruption caused by allocating auth usernames in the wrong pool.
PR: 1500
Reviewed by: Martin Kraemer, Jim Jagielski
Revision Changes Path
1.533 +3 -0 apachen/src/CHANGES
Index: CHANGES
===================================================================
RCS file: /export/home/cvs/apachen/src/CHANGES,v
retrieving revision 1.532
retrieving revision 1.533
diff -u -r1.532 -r1.533
--- CHANGES 1997/12/19 23:52:58 1.532
+++ CHANGES 1997/12/20 23:44:28 1.533
@@ -1,5 +1,8 @@
Changes with Apache 1.3b4
+ *) Fix memory corruption caused by allocating auth usernames in the
+ wrong pool. [Dean Gaudet] PR#1500
+
*) Fix an off-by-1, and an unterminated string error in
mod_mime_magic. [Dean Gaudet]
1.170 +5 -1 apachen/src/main/http_protocol.c
Index: http_protocol.c
===================================================================
RCS file: /export/home/cvs/apachen/src/main/http_protocol.c,v
retrieving revision 1.169
retrieving revision 1.170
diff -u -r1.169 -r1.170
--- http_protocol.c 1997/11/01 22:24:08 1.169
+++ http_protocol.c 1997/12/20 23:44:30 1.170
@@ -952,7 +952,11 @@
}
t = uudecode(r->pool, auth_line);
- r->connection->user = getword_nulls_nc(r->pool, &t, ':');
+ /* Note that this allocation has to be made from r->connection->pool
+ * because it has the lifetime of the connection. The other allocations
+ * are temporary and can be tossed away any time.
+ */
+ r->connection->user = getword_nulls_nc (r->connection->pool, &t, ':');
r->connection->auth_type = "Basic";
*pw = t;