You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2020/01/03 11:22:46 UTC
[Bug 64049] New: Missing malloc check in sct_parse
https://bz.apache.org/bugzilla/show_bug.cgi?id=64049
Bug ID: 64049
Summary: Missing malloc check in sct_parse
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: PC
OS: OpenBSD
Status: NEW
Severity: normal
Priority: P2
Component: mod_ssl
Assignee: bugs@httpd.apache.org
Reporter: giovanni@paclan.it
Target Milestone: ---
Created attachment 36949
--> https://bz.apache.org/bugzilla/attachment.cgi?id=36949&action=edit
Malloc check
In sct_parse memory is allocate via malloc(3) but there is no check if
allocation succeeds.
Diff attached.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 64049] Missing malloc check in sct_parse
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=64049
--- Comment #1 from Yann Ylavic <yl...@gmail.com> ---
I think we'd better use ap_malloc() here (and everywhere malloc/calloc() is
used) than returning an error (what could the caller do?).
ap_malloc() will abort() the process in case of failure, which is how httpd
usually handles memory allocations failures.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 64049] Missing malloc check in sct_parse
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=64049
--- Comment #4 from Giovanni Bechis <gi...@paclan.it> ---
malloc -> ap_malloc conversion committed in trunk in r1874156.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 64049] Missing malloc check in sct_parse
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=64049
Giovanni Bechis <gi...@paclan.it> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #36949|0 |1
is obsolete| |
--- Comment #2 from Giovanni Bechis <gi...@paclan.it> ---
Created attachment 36956
--> https://bz.apache.org/bugzilla/attachment.cgi?id=36956&action=edit
convert malloc to ap_malloc
Convert malloc to ap_malloc when needed.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 64049] Missing malloc check in sct_parse
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=64049
Giovanni Bechis <gi...@paclan.it> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #36956|0 |1
is obsolete| |
--- Comment #3 from Giovanni Bechis <gi...@paclan.it> ---
Created attachment 36958
--> https://bz.apache.org/bugzilla/attachment.cgi?id=36958&action=edit
Updated patch with a missing calloc -> ap_calloc conversion
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 64049] Missing malloc check in sct_parse
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=64049
Giovanni Bechis <gi...@paclan.it> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 64049] Missing malloc check in sct_parse
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=64049
Giovanni Bechis <gi...@paclan.it> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |FixedInTrunk
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org