Posted to cvs@httpd.apache.org by ja...@apache.org on 2015/03/13 08:21:10 UTC
svn commit: r1666361 - in /httpd/httpd/trunk: CHANGES modules/dav/main/util_lock.c
Author: jailletc36
Date: Fri Mar 13 07:21:10 2015
New Revision: 1666361
URL: http://svn.apache.org/r1666361
Log:
Avoid a potential integer underflow in the lock timeout value sent back to a client. The answer to a LOCK request could be an extremely large integer if the time needed to lock the resource was longer than the requested timeout given in the LOCK request. In such a case, we now answer "Second-0". PR55420
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/modules/dav/main/util_lock.c
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1666361&r1=1666360&r2=1666361&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Fri Mar 13 07:21:10 2015
@@ -6,6 +6,13 @@ Changes with Apache 2.5.0
to a local URL-path with the INCLUDES filter active, introduced
in 2.4.11. PR 57531. [Yann Ylavic]
+ *) mod_dav: Avoid a potential integer underflow in the lock timeout value sent
+ back to a client. The answer to a LOCK request could be an extremly large
+ integer if the time needed to lock the resource was longer that the
+ requested timeout given in the LOCK request. In such a case, we now answer
+ "Second-0". PR55420
+ [Christophe Jaillet]
+
*) mod_ssl: Fix possible crash when loading server certificate constraints.
PR 57694. [Paul Spangler <paul.spangler ni com>, Yann Ylavic]
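Review bot: The new mod_dav entry has two typos, "extremly" (extremely) and "longer that" (longer than), and it writes the bug reference as "PR55420" where the neighbouring entries use "PR 57531." and "PR 57694." with a space and a trailing period. Suggest fixing the spelling and writing "PR 55420." so the entry matches the rest of the file and is found by a search for the usual "PR nnnnn" form.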
Modified: httpd/httpd/trunk/modules/dav/main/util_lock.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/util_lock.c?rev=1666361&r1=1666360&r2=1666361&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/dav/main/util_lock.c (original)
+++ httpd/httpd/trunk/modules/dav/main/util_lock.c Fri Mar 13 07:21:10 2015
@@ -133,8 +133,18 @@ DAV_DECLARE(const char *) dav_lock_get_a
}
else {
time_t now = time(NULL);
- apr_snprintf(tmp, sizeof(tmp), "Second-%lu", (long unsigned int)(lock->timeout - now));
- dav_buffer_append(p, pbuf, tmp);
+
+ /*
+ ** Check if the timeout is not, for any reason, already elapsed.
+ ** (e.g., because of a large collection, or disk under heavy load...)
+ */
+ if (now >= lock->timeout) {
+ dav_buffer_append(p, pbuf, "Second-0");
+ }
+ else {
+ apr_snprintf(tmp, sizeof(tmp), "Second-%lu", (long unsigned int)(lock->timeout - now));
+ dav_buffer_append(p, pbuf, tmp);
+ }
}
dav_buffer_append(p, pbuf,
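Review bot: In the new inner else branch the value is still produced by casting lock->timeout - now to long unsigned int, so the correctness of the output rests entirely on the now >= lock->timeout test above it, and the added comment says when the timeout can already have elapsed but not why that matters. Suggest stating in the comment that a negative difference cast to an unsigned type is what produced the very large "Second-" value. Also consider computing the remaining seconds once into a local variable and clamping it at 0 before formatting, so the guard and the formatted expression cannot drift apart in a later edit. Using >= rather than > is fine here, since equal times also yield "Second-0".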