Posted to dev@httpd.apache.org by Joe Orton <jo...@redhat.com> on 2008/02/25 12:01:18 UTC
Re: svn commit: r630307 - in /httpd/httpd/trunk/modules/ssl:
ssl_private.h ssl_scache.c ssl_scache_dbm.c ssl_scache_dc.c
ssl_scache_memcache.c ssl_scache_shmcb.c
On Sat, Feb 23, 2008 at 11:40:26AM +0100, Ruediger Pluem wrote:
> On 02/22/2008 08:58 PM, jorton@apache.org wrote:
>> Author: jorton
>> Date: Fri Feb 22 11:58:39 2008
>> New Revision: 630307
>>
>> URL: http://svn.apache.org/viewvc?rev=630307&view=rev
...
>> memcpy(&expiry, dbmval.dptr, sizeof(time_t));
>> + memcpy(dest, (char *)dbmval.dptr + sizeof(time_t), nData);
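Review bot: the added memcpy into dest copies nData bytes with no bound against the caller's buffer visible in these lines. Unless the elided code above already rejects nData > *destlen (and a dbmval.dsize smaller than sizeof(time_t) before the first memcpy), a stored record larger than the buffer overruns dest. Suggest validating both lengths before the two copies and treating a failure as a cache miss.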
>
> Shouldn't we do
>
> *destlen = nData;
>
> here?
Fixed both of those cases in r630787.
>> ==============================================================================
>> --- httpd/httpd/trunk/modules/ssl/ssl_scache_shmcb.c (original)
>> +++ httpd/httpd/trunk/modules/ssl/ssl_scache_shmcb.c Fri Feb 22 11:58:39 2008
...
>> + /* Only consider 'idx' if the id matches, and the "removed"
>> + * flag isn't set; check the data length too to avoid a buffer
>> + * overflow in case of corruption, which should be impossible,
>> + * but it's cheap to be safe. */
>> + if (idx->id_len == idlen && (idx->data_used - idx->id_len) < *destlen
>> + && shmcb_cyclic_memcmp(header->subcache_data_size,
>> + SHMCB_DATA(header, subcache),
>> + idx->data_pos, id, idx->id_len) == 0) {
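Review bot: the length test `(idx->data_used - idx->id_len) < *destlen` in the added condition rejects an entry whose data exactly fills the caller's buffer; if dest holds *destlen bytes, `<=` is the bound that matches the copy. The subtraction also assumes idx->data_used >= idx->id_len. Since the comment says this check guards against corruption, testing that ordering first would keep the difference from wrapping or going negative, depending on the field types.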
>
> Where do you check for the removed flag?
And both of those cases in r630786.
Thanks a lot for the careful review!
joe