Posted to issues@subversion.apache.org by "Branko Čibej (JIRA)" <ji...@apache.org> on 2018/10/30 20:52:00 UTC
[jira] [Resolved] (SVN-4782) Using (const char*)1 in Apache HTTP server modules as value for r->notes cause httpd to crash
[ https://issues.apache.org/jira/browse/SVN-4782?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Branko Čibej resolved SVN-4782.
-------------------------------
Resolution: Fixed
> Using (const char*)1 in Apache HTTP server modules as value for r->notes cause httpd to crash
> ---------------------------------------------------------------------------------------------
>
> Key: SVN-4782
> URL: https://issues.apache.org/jira/browse/SVN-4782
> Project: Subversion
> Issue Type: Bug
> Affects Versions: 1.9.x, trunk, 1.10.x, 1.11.x
> Environment: All environments
> Reporter: Ruediger Pluem
> Priority: Major
> Labels: patch
> Attachments: notes_fix.diff
>
>
> *mod_authz_svn.c* and *mod_dav_svn.c* add keys to *r->notes* to memorize boolean states (*FORCE_AUTHN_NOTE*, *IN_SOME_AUTHN_NOTE*, *authz_svn-anon-ok*, *NO_MAP_TO_STORAGE_NOTE*). They use _(const char*)1_ as values for the keys. This causes any call to *apr_table_clone* for *r->notes* to crash with a SEGFAULT, because _(const char*)1_ is an invalid address. *mod_http2* in httpd calls *apr_table_clone* for *r->notes* and hence the httpd process crashes. The attached patch (against trunk) replaces the value of _(const char*)1_ in these cases with a value of _"1"_.
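The failure mode described in the report, as an added example that is not code from the Subversion patch, httpd or APR: a small stand-in table stores value pointers without copying them, and its clone duplicates each value by reading the string behind the pointer, which is where an integer cast to a pointer faults. The names `notes_t`, `notes_setn`, `notes_count_sentinels`, `notes_clone`, `set_flag_before` and `set_flag_after` are hypothetical, and the 4096-byte threshold is an assumed page size.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_NOTES 8

/* Stand-in for a notes table: stores key/value pointers without copying. */
typedef struct { const char *key, *val; } note_t;
typedef struct { note_t e[MAX_NOTES]; int n; } notes_t;

static void notes_setn(notes_t *t, const char *key, const char *val)
{
    if (t->n < MAX_NOTES) { t->e[t->n].key = key; t->e[t->n].val = val; t->n++; }
}

/* Count values that cannot be real strings: NULL or a small integer cast to
 * a pointer. The check is numeric, so the bogus address is never read. */
static int notes_count_sentinels(const notes_t *t)
{
    int i, bad = 0;
    for (i = 0; i < t->n; i++)
        if ((uintptr_t)t->e[i].val < 4096) bad++;   /* assumed page size */
    return bad;
}

/* Clone by duplicating every value, which reads the bytes it points to.
 * Returns -1 instead of faulting when a sentinel value is present.
 * Copies are not freed here; a pool would own them in a real server. */
static int notes_clone(notes_t *dst, const notes_t *src)
{
    int i;
    if (notes_count_sentinels(src) > 0) return -1;
    dst->n = 0;
    for (i = 0; i < src->n; i++) {
        size_t len = strlen(src->e[i].val) + 1;   /* faults on (const char *)1 */
        char *copy = malloc(len);
        if (copy == NULL) return -1;
        memcpy(copy, src->e[i].val, len);
        notes_setn(dst, src->e[i].key, copy);
    }
    return 0;
}

/* Before the fix: boolean note stored as the integer 1 cast to a pointer. */
static void set_flag_before(notes_t *t) { notes_setn(t, "authz_svn-anon-ok", (const char *)1); }

/* After the fix: the note holds the string "1"; a non-NULL test still works. */
static void set_flag_after(notes_t *t) { notes_setn(t, "authz_svn-anon-ok", "1"); }
```

The numeric check is a review aid for finding such values in a table; the fix itself is the one in the report, storing a real string.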