Posted to bugs@httpd.apache.org by bu...@apache.org on 2020/01/03 11:22:46 UTC

[Bug 64049] New: Missing malloc check in sct_parse

https://bz.apache.org/bugzilla/show_bug.cgi?id=64049

            Bug ID: 64049
           Summary: Missing malloc check in sct_parse
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: PC
                OS: OpenBSD
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ssl
          Assignee: bugs@httpd.apache.org
          Reporter: giovanni@paclan.it
  Target Milestone: ---

Created attachment 36949
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=36949&action=edit
Malloc check

In sct_parse memory is allocated via malloc(3) but there is no check if
allocation succeeds.
Diff attached.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


[Bug 64049] Missing malloc check in sct_parse

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=64049

--- Comment #1 from Yann Ylavic <yl...@gmail.com> ---
I think we'd better use ap_malloc() here (and everywhere malloc/calloc() is
used) than returning an error (what could the caller do?).

ap_malloc() will abort() the process in case of failure, which is how httpd
usually handles memory allocation failures.

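
The two ways of handling an allocation failure discussed in this thread (check and return an error, or abort in the allocator), as an added example that is not mod_ssl's sct_parse or the attached patch. parse_record, record_t, hook_malloc, abort_malloc and allocs_until_failure are hypothetical names, and the 2-byte length-prefixed record format is an assumption made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed test hook: when it reaches 0, the allocator returns NULL. */
static int allocs_until_failure = -1;

static void *hook_malloc(size_t n)
{
    if (allocs_until_failure == 0) return NULL;
    if (allocs_until_failure > 0) allocs_until_failure--;
    return malloc(n);
}

/* Abort-on-failure wrapper: the contract Comment #1 describes for ap_malloc(). */
static void *abort_malloc(size_t n)
{
    void *p = hook_malloc(n);
    if (p == NULL) abort();   /* stop here instead of continuing with NULL */
    return p;
}

typedef struct { uint16_t len; unsigned char *data; } record_t;

/* Hypothetical parser for one 2-byte length-prefixed record.
 * Returns 0 on success, -1 on malformed input, -2 on allocation failure.
 * With abort_malloc as the allocator the -2 paths are never taken. */
static int parse_record(const unsigned char *in, size_t inlen,
                        void *(*alloc)(size_t), record_t **out)
{
    record_t *r;
    uint16_t len;

    *out = NULL;
    if (inlen < 2) return -1;
    len = (uint16_t)((in[0] << 8) | in[1]);
    if ((size_t)len > inlen - 2) return -1;   /* length field exceeds buffer */

    r = alloc(sizeof(*r));
    if (r == NULL) return -2;                 /* the kind of check the report asks for */
    r->data = alloc(len ? len : 1);
    if (r->data == NULL) { free(r); return -2; }
    memcpy(r->data, in + 2, len);
    r->len = len;
    *out = r;
    return 0;
}

static void record_free(record_t *r) { if (r) { free(r->data); free(r); } }
```

Returning -2 forces every caller to handle the failure and to release partial state, as the second allocation shows; the aborting wrapper removes those paths at the cost of terminating the process.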


[Bug 64049] Missing malloc check in sct_parse

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=64049

--- Comment #4 from Giovanni Bechis <gi...@paclan.it> ---
malloc -> ap_malloc conversion committed in trunk in r1874156.



[Bug 64049] Missing malloc check in sct_parse

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=64049

Giovanni Bechis <gi...@paclan.it> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #36949|0                           |1
        is obsolete|                            |

--- Comment #2 from Giovanni Bechis <gi...@paclan.it> ---
Created attachment 36956
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=36956&action=edit
convert malloc to ap_malloc

Convert malloc to ap_malloc when needed.



[Bug 64049] Missing malloc check in sct_parse

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=64049

Giovanni Bechis <gi...@paclan.it> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #36956|0                           |1
        is obsolete|                            |

--- Comment #3 from Giovanni Bechis <gi...@paclan.it> ---
Created attachment 36958
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=36958&action=edit
Updated patch with a missing calloc -> ap_calloc conversion



[Bug 64049] Missing malloc check in sct_parse

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=64049

Giovanni Bechis <gi...@paclan.it> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED



[Bug 64049] Missing malloc check in sct_parse

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=64049

Giovanni Bechis <gi...@paclan.it> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |FixedInTrunk
