You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ja...@apache.org on 2015/03/13 08:21:10 UTC

svn commit: r1666361 - in /httpd/httpd/trunk: CHANGES modules/dav/main/util_lock.c

Author: jailletc36
Date: Fri Mar 13 07:21:10 2015
New Revision: 1666361

URL: http://svn.apache.org/r1666361
Log:
Avoid a potential integer underflow in the lock timeout value sent back to a client. The answer to a LOCK request could be an extremly large integer if the time needed to lock the resource was longer that the requested timeout given in the LOCK request. In such a case, we now answer "Second-0".  PR55420

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/dav/main/util_lock.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1666361&r1=1666360&r2=1666361&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Fri Mar 13 07:21:10 2015
@@ -6,6 +6,13 @@ Changes with Apache 2.5.0
      to a local URL-path with the INCLUDES filter active, introduced
      in 2.4.11. PR 57531. [Yann Ylavic]
 
+  *) mod_dav: Avoid a potential integer underflow in the lock timeout value sent
+     back to a client. The answer to a LOCK request could be an extremly large
+     integer if the time needed to lock the resource was longer that the
+     requested timeout given in the LOCK request. In such a case, we now answer
+     "Second-0".  PR55420
+     [Christophe Jaillet]
+
   *) mod_ssl: Fix possible crash when loading server certificate constraints.
      PR 57694. [Paul Spangler <paul.spangler ni com>, Yann Ylavic]
 

Modified: httpd/httpd/trunk/modules/dav/main/util_lock.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/util_lock.c?rev=1666361&r1=1666360&r2=1666361&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/dav/main/util_lock.c (original)
+++ httpd/httpd/trunk/modules/dav/main/util_lock.c Fri Mar 13 07:21:10 2015
@@ -133,8 +133,18 @@ DAV_DECLARE(const char *) dav_lock_get_a
         }
         else {
             time_t now = time(NULL);
-            apr_snprintf(tmp, sizeof(tmp), "Second-%lu", (long unsigned int)(lock->timeout - now));
-            dav_buffer_append(p, pbuf, tmp);
+            
+            /*
+            ** Check if the timeout is not, for any reason, already elapsed.
+            ** (e.g., because of a large collection, or disk under heavy load...)
+             */
+            if (now >= lock->timeout) {
+                dav_buffer_append(p, pbuf, "Second-0");
+            }
+            else {
+                apr_snprintf(tmp, sizeof(tmp), "Second-%lu", (long unsigned int)(lock->timeout - now));
+                dav_buffer_append(p, pbuf, tmp);
+            }
         }
 
         dav_buffer_append(p, pbuf,