You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by jo...@apache.org on 2005/04/15 12:51:45 UTC

svn commit: r161437 - httpd/httpd/trunk/support/ab.c

Author: jorton
Date: Fri Apr 15 03:51:44 2005
New Revision: 161437

URL: http://svn.apache.org/viewcvs?view=rev&rev=161437
Log:
Fix and prevent some segfaults in ab:

* support/ab.c (main): Fail if given concurrency level greater than
number of requests, to prevent segfaults later.
(ssl_print_cert_info): Use the correct buffer size.
(ssl_start_connect): SSL_get_peer_cert_chain doesn't bump refcounts,
so don't free the cert chain here.
(test): Use both calloc parameters (unrelated cleanup).

Modified:
    httpd/httpd/trunk/support/ab.c

Modified: httpd/httpd/trunk/support/ab.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/support/ab.c?view=diff&r1=161436&r2=161437
==============================================================================
--- httpd/httpd/trunk/support/ab.c (original)
+++ httpd/httpd/trunk/support/ab.c Fri Apr 15 03:51:44 2005
@@ -545,11 +545,11 @@
         EVP_PKEY_bits(X509_get_pubkey(x509cert)));
 
     dn=X509_get_issuer_name(x509cert);
-    X509_NAME_oneline(dn, buf, BUFSIZ);
+    X509_NAME_oneline(dn, buf, sizeof buf);
     BIO_printf(bio,"The issuer name is %s\n", buf);
 
     dn=X509_get_subject_name(x509cert);
-    X509_NAME_oneline(dn, buf, BUFSIZ);
+    X509_NAME_oneline(dn, buf, sizeof buf);
     BIO_printf(bio,"The subject name is %s\n", buf);
 
     /* dump the extension list too */
@@ -665,7 +665,6 @@
                 x509cert = (X509 *)sk_X509_value(sk,i);
 #endif
                 ssl_print_cert_info(bio_out,x509cert);
-                X509_free(x509cert);
             }
         }
 
@@ -1562,9 +1561,9 @@
 
     now = apr_time_now();
 
-    con = calloc(concurrency * sizeof(struct connection), 1);
+    con = calloc(concurrency, sizeof(struct connection));
     
-    stats = calloc(requests * sizeof(struct data), 1);
+    stats = calloc(requests, sizeof(struct data));
 
     if ((status = apr_pollset_create(&readbits, concurrency, cntxt, 0)) != APR_SUCCESS) {
         apr_err("apr_pollset_create failed", status);
@@ -2171,6 +2170,12 @@
     if ((concurrency < 0) || (concurrency > MAX_CONCURRENCY)) {
         fprintf(stderr, "%s: Invalid Concurrency [Range 0..%d]\n",
                 argv[0], MAX_CONCURRENCY);
+        usage(argv[0]);
+    }
+
+    if (concurrency > requests) {
+        fprintf(stderr, "%s: Cannot use concurrency level greater than "
+                "total number of requests\n", argv[0]);
         usage(argv[0]);
     }