Posted to dev@httpd.apache.org by "Jeffrey W. Baker" <jw...@acm.org> on 2001/02/09 02:01:17 UTC

1.3.17 segfault from ap_unparse_uri_components() + patch

Apache 1.3.17 can segfault when trying to form a URI string from a
uri_components structure, if the structure has a hostname but no scheme.
The offending bit of code is actually in ap_default_port_for_scheme(),
which will pass a null pointer to strcasecmp(), and that function will
generate a segmentation violation when it dereferences the null pointer.

One approach for fixing this is for ap_default_port_for_scheme() to check
for a NULL argument.  Here is a patch for that:

--- util_uri.c.orig	Thu Feb  8 16:19:36 2001
+++ util_uri.c	Thu Feb  8 16:39:08 2001
@@ -88,6 +88,9 @@
 {
     schemes_t *scheme;

+    if (scheme_str == NULL)
+        return 0;
+
     for (scheme = schemes; scheme->name != NULL; ++scheme)
 	if (strcasecmp(scheme_str, scheme->name) == 0)
 	    return scheme->default_port;
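
Review bot: The new NULL guard at the top of the function returns 0 without saying what 0 means to callers. Add a comment stating that a NULL scheme_str is accepted and that 0 means "no default port known", so the contract is visible to anyone comparing a port against the result. The guard also stops the crash without telling anyone that a caller passed a structure with a hostname and no scheme, so consider whether that case should be logged or fixed at the call site as well. Style: the added lines are indented with spaces while the loop body below them uses tabs; match the file.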

Another method is to fix the logic in ap_unparse_uri_components().  We can
do that by setting the scheme to http whenever it is empty.  This may be
undesired, but here is a patch anyway:

--- util_uri.c.orig	Thu Feb  8 16:19:36 2001
+++ util_uri.c	Thu Feb  8 16:52:00 2001
@@ -190,6 +190,9 @@
 	if (uptr->hostname) {
 	    int is_default_port;

+        if (uptr->scheme == NULL)
+            uptr->scheme = "http";
+
 	    is_default_port =
 		(uptr->port_str == NULL ||
 		 uptr->port == 0 ||
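
Review bot: The added assignment uptr->scheme = "http"; writes into the caller's structure from inside a function whose job is to format it, so every later user of that structure sees a scheme the request never carried, and the field now points at a string literal. It also hard-codes http, which makes the default-port comparison that follows use the http default for a structure that was built for some other scheme. Prefer a local, for example const char *scheme = uptr->scheme ? uptr->scheme : "http";, used for the comparison and the output, and leave uptr untouched. Style: the added lines use spaces where the surrounding lines use tabs.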


Alternately, see the attached patch which defines the default scheme in
util_uri.h.

The last way is to fix ap_unparse_uri_components() completely.  It is
pretty fucked up right now.  And util_uri.c is full of tabs, blech.  I'll
rewrite it if there is any interest, but if not, I won't bother.  Please
let me know.

-jwb
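
The two fixes discussed in the message above, combined in a stand-alone sketch (an added example, not part of the original post and not Apache's code): the port lookup tolerates a NULL scheme, and the formatter handles a missing scheme without writing to its input. The names scheme_entry, uri_parts, default_port_for and unparse_uri are hypothetical, and emitting a scheme-less "//host" form instead of defaulting to http is a choice made for this example.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strcasecmp() */

/* Hypothetical stand-ins for the scheme table and uri_components; not Apache's definitions. */
typedef struct { const char *name; unsigned short default_port; } scheme_entry;
static const scheme_entry scheme_table[] = {
    { "http", 80 }, { "https", 443 }, { "ftp", 21 }, { NULL, 0 } };
typedef struct {
    const char *scheme, *hostname, *port_str, *path;  /* any of these may be NULL */
    unsigned short port;
} uri_parts;

/* 0 means "no known default"; a NULL scheme never reaches strcasecmp(). */
unsigned short default_port_for(const char *scheme_str)
{
    const scheme_entry *s;
    if (scheme_str == NULL)
        return 0;
    for (s = scheme_table; s->name != NULL; ++s)
        if (strcasecmp(scheme_str, s->name) == 0)
            return s->default_port;
    return 0;
}

/* Writes "[scheme:]//host[:port]path" without modifying *u; returns length, or -1 if buf is too small. */
int unparse_uri(const uri_parts *u, char *buf, size_t len)
{
    const char *path = u->path ? u->path : "";
    int n, show_port;
    if (u->hostname == NULL) {
        n = snprintf(buf, len, "%s", path);
    } else {
        /* With no scheme the default is 0, so an explicit port is always kept. */
        show_port = u->port_str != NULL && u->port != 0
                    && u->port != default_port_for(u->scheme);
        n = snprintf(buf, len, "%s%s//%s%s%s%s", u->scheme ? u->scheme : "",
                     u->scheme ? ":" : "", u->hostname, show_port ? ":" : "",
                     show_port ? u->port_str : "", path);
    }
    return (n < 0 || (size_t)n >= len) ? -1 : n;
}

int main(void)
{
    /* Constructed input: hostname set, scheme missing (the crashing case in the post). */
    uri_parts u = { NULL, "example.org", "8080", "/x", 8080 };
    char buf[64];
    if (unparse_uri(&u, buf, sizeof buf) >= 0)
        puts(buf);
    return 0;
}
```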

Re: 1.3.17 segfault from ap_unparse_uri_components() + patch

Posted by Martin Kraemer <Ma...@Fujitsu-Siemens.com>.
On Thu, Feb 08, 2001 at 05:01:17PM -0800, Jeffrey W. Baker wrote:
> Alternately, see the attached patch which defines the default scheme in
> util_uri.h.
> 
> The last way is to fix ap_unparse_uri_components() completely.  It is
> pretty fucked up right now.  And util_uri.c is full of tabs, blech.  I'll
> rewrite it if there is any interest, but if not, I won't bother.  Please
> let me know.

I like your last proposal best. At least one of them should be applied
to apache-1.3.18-dev before releasing (right, Jim?)

  Martin
-- 
<Ma...@Fujitsu-Siemens.com>    |       Fujitsu Siemens
       <ma...@apache.org>              |   81730  Munich,  Germany

Re: 1.3.17 segfault from ap_unparse_uri_components() + patch

Posted by "Jeffrey W. Baker" <jw...@acm.org>.
On Fri, 16 Feb 2001, William A. Rowe, Jr. wrote:

> From: "Jeffrey W. Baker" <jw...@acm.org>
> Sent: Thursday, February 08, 2001 7:01 PM
>
>
> > Alternately, see the attached patch which defines the default scheme in
> > util_uri.h.
>
> I particularly like this fix, please apply.
>
> > The last way is to fix ap_unparse_uri_components() completely.  It is
> > pretty fucked up right now.  And util_uri.c is full of tabs, blech.  I'll
> > rewrite it if there is any interest, but if not, I won't bother.  Please
> > let me know.
>
> I'm very happy to see it cleaned up.  _However_ that would be too excessive
> for 1.3.18 - feel free to get it in immediately following the 1.3.18 tag.

I have already sent a patch to new-httpd on Saturday, and I believe that
Martin has had a look at it.  Shall I resend it?

-jwb


Re: 1.3.17 segfault from ap_unparse_uri_components() + patch

Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
From: "Jeffrey W. Baker" <jw...@acm.org>
Sent: Friday, February 16, 2001 12:07 PM


> On Fri, 16 Feb 2001, William A. Rowe, Jr. wrote:
> 
> I already sent a rewrite of that function to the list, and I believe
> Martin had a look at it.  Shall I resend it?

I'll send it complete with my comments embedded in about 10 min.
If you take my comments into account, even this 'apparently big and
hairy patch' could get into 1.3.18.


Re: 1.3.17 segfault from ap_unparse_uri_components() + patch

Posted by "Jeffrey W. Baker" <jw...@acm.org>.
On Fri, 16 Feb 2001, William A. Rowe, Jr. wrote:

> From: "Jeffrey W. Baker" <jw...@acm.org>
> Sent: Thursday, February 08, 2001 7:01 PM
> 
> 
> > Alternately, see the attached patch which defines the default scheme in
> > util_uri.h.
> 
> I particularly like this fix, please apply.
> 
> > The last way is to fix ap_unparse_uri_components() completely.  It is
> > pretty fucked up right now.  And util_uri.c is full of tabs, blech.  I'll
> > rewrite it if there is any interest, but if not, I won't bother.  Please
> > let me know.
> 
> I'm very happy to see it cleaned up.  _However_ that would be too excessive
> for 1.3.18 - feel free to get it in immediately following the 1.3.18 tag.

I already sent a rewrite of that function to the list, and I believe
Martin had a look at it.  Shall I resend it?

-jwb


Re: 1.3.17 segfault from ap_unparse_uri_components() + patch

Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
From: "Jeffrey W. Baker" <jw...@acm.org>
Sent: Thursday, February 08, 2001 7:01 PM


> Alternately, see the attached patch which defines the default scheme in
> util_uri.h.

I particularly like this fix, please apply.

> The last way is to fix ap_unparse_uri_components() completely.  It is
> pretty fucked up right now.  And util_uri.c is full of tabs, blech.  I'll
> rewrite it if there is any interest, but if not, I won't bother.  Please
> let me know.

I'm very happy to see it cleaned up.  _However_ that would be too excessive
for 1.3.18 - feel free to get it in immediately following the 1.3.18 tag.


Re: 1.3.17 segfault from ap_unparse_uri_components() + patch

Posted by Martin Kraemer <Ma...@Fujitsu-Siemens.com>.
On Thu, Feb 08, 2001 at 05:01:17PM -0800, Jeffrey W. Baker wrote:
> The last way is to fix ap_unparse_uri_components() completely.  It is
> pretty fucked up right now.

What specifically would you try to change? The logic? Or add more safety
against NULL pointers?

  Martin
-- 
<Ma...@Fujitsu-Siemens.com>    |       Fujitsu Siemens
       <ma...@apache.org>              |   81730  Munich,  Germany