Posted to dev@httpd.apache.org by Joe Orton <jo...@redhat.com> on 2008/02/25 12:01:18 UTC

Re: svn commit: r630307 - in /httpd/httpd/trunk/modules/ssl: ssl_private.h ssl_scache.c ssl_scache_dbm.c ssl_scache_dc.c ssl_scache_memcache.c ssl_scache_shmcb.c

On Sat, Feb 23, 2008 at 11:40:26AM +0100, Ruediger Pluem wrote:
> On 02/22/2008 08:58 PM, jorton@apache.org wrote:
>> Author: jorton
>> Date: Fri Feb 22 11:58:39 2008
>> New Revision: 630307
>>
>> URL: http://svn.apache.org/viewvc?rev=630307&view=rev
...
>>      memcpy(&expiry, dbmval.dptr, sizeof(time_t));
>> +    memcpy(dest, (char *)dbmval.dptr + sizeof(time_t), nData);
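
Review bot: The added memcpy into dest copies nData bytes, and nothing in the visible lines compares nData with the size of the caller's buffer before the copy. Reject the record when nData exceeds the capacity the caller passed in (the shmcb lookup in this same commit tests against *destlen for that purpose), and confirm the stored record is at least sizeof(time_t) bytes long, since both memcpy calls read from dbmval.dptr on that assumption.
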
>
> Shouldn't we do
>
> *destlen = nData;
>
> here?

Fixed both of those cases in r630787.

>> ==============================================================================
>> --- httpd/httpd/trunk/modules/ssl/ssl_scache_shmcb.c (original)
>> +++ httpd/httpd/trunk/modules/ssl/ssl_scache_shmcb.c Fri Feb 22 11:58:39 2008
...
>> +        /* Only consider 'idx' if the id matches, and the "removed"
>> +         * flag isn't set; check the data length too to avoid a buffer
>> +         * overflow in case of corruption, which should be impossible,
>> +         * but it's cheap to be safe. */
>> +        if (idx->id_len == idlen && (idx->data_used - idx->id_len) < *destlen
>> +            && shmcb_cyclic_memcmp(header->subcache_data_size,
>> +                                   SHMCB_DATA(header, subcache),
>> +                                   idx->data_pos, id, idx->id_len) == 0) {
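
Review bot: The length test `(idx->data_used - idx->id_len) < *destlen` in the new condition is a strict comparison, so an entry whose data is exactly *destlen bytes long is skipped as though it were not cached; if the destination can hold *destlen bytes, `<=` is the bound that matches the comment. The subtraction also relies on data_used being at least id_len, which is the kind of corruption the comment says this check is meant to catch, so test that explicitly before subtracting rather than depending on how the difference compares.
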
>
> Where do you check for the removed flag?

And both of those cases in r630786.

Thanks a lot for the careful review!

joe