You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by sv...@apache.org on 2022/03/29 04:01:18 UTC
svn commit: r1899339 - in /subversion/branches/1.14.x: ./ STATUS subversion/libsvn_repos/authz.c
Author: svn-role
Date: Tue Mar 29 04:01:18 2022
New Revision: 1899339
URL: http://svn.apache.org/viewvc?rev=1899339&view=rev
Log:
Merge r1894734 from trunk:
* r1894734
Fix issue #4880, "Use-after-free of object-pools when running in httpd"
Justification:
Subversion should not crash. User complained.
Votes:
+1: stsp, hartmannathan, rhuijben
Modified:
subversion/branches/1.14.x/ (props changed)
subversion/branches/1.14.x/STATUS
subversion/branches/1.14.x/subversion/libsvn_repos/authz.c
Propchange: subversion/branches/1.14.x/
------------------------------------------------------------------------------
Merged /subversion/trunk:r1894734
Modified: subversion/branches/1.14.x/STATUS
URL: http://svn.apache.org/viewvc/subversion/branches/1.14.x/STATUS?rev=1899339&r1=1899338&r2=1899339&view=diff
==============================================================================
--- subversion/branches/1.14.x/STATUS (original)
+++ subversion/branches/1.14.x/STATUS Tue Mar 29 04:01:18 2022
@@ -63,13 +63,6 @@ Veto-blocked changes:
Approved changes:
=================
- * r1894734
- Fix issue #4880, "Use-after-free of object-pools when running in httpd"
- Justification:
- Subversion should not crash. User complained.
- Votes:
- +1: stsp, hartmannathan, rhuijben
-
* r1899227
Don't show unreadable copyfrom paths in 'svn log -v'
Justification:
Modified: subversion/branches/1.14.x/subversion/libsvn_repos/authz.c
URL: http://svn.apache.org/viewvc/subversion/branches/1.14.x/subversion/libsvn_repos/authz.c?rev=1899339&r1=1899338&r2=1899339&view=diff
==============================================================================
--- subversion/branches/1.14.x/subversion/libsvn_repos/authz.c (original)
+++ subversion/branches/1.14.x/subversion/libsvn_repos/authz.c Tue Mar 29 04:01:18 2022
@@ -130,6 +130,30 @@ static svn_object_pool__t *authz_pool =
static svn_object_pool__t *filtered_pool = NULL;
static svn_atomic_t authz_pool_initialized = FALSE;
+/*
+ * Ensure that we will initialize authz again if the pool which
+ * our authz caches depend on is cleared.
+ *
+ * HTTPD may run pre/post config hooks multiple times and clear
+ * its global configuration pool which our authz pools depend on.
+ * This happens in a non-threaded context during HTTPD's intialization
+ * and HTTPD's main loop, so it is safe to reset static variables here.
+ * (And any applications which cleared this pool while SVN threads
+ * were running would crash no matter what.)
+ *
+ * See issue #4880, "Use-after-free of object-pools in
+ * subversion/libsvn_repos/authz.c when used as httpd module"
+ */
+static apr_status_t
+deinit_authz(void *data)
+{
+ /* The two object pools run their own cleanup handlers. */
+ authz_pool = NULL;
+ filtered_pool = NULL;
+ authz_pool_initialized = FALSE;
+ return APR_SUCCESS;
+}
+
/* Implements svn_atomic__err_init_func_t. */
static svn_error_t *
synchronized_authz_initialize(void *baton, apr_pool_t *pool)
@@ -143,6 +167,7 @@ synchronized_authz_initialize(void *bato
SVN_ERR(svn_object_pool__create(&authz_pool, multi_threaded, pool));
SVN_ERR(svn_object_pool__create(&filtered_pool, multi_threaded, pool));
+ apr_pool_cleanup_register(pool, NULL, deinit_authz, apr_pool_cleanup_null);
return SVN_NO_ERROR;
}