You are viewing a plain text version of this content. The canonical link for it is here.

Posted to test-dev@httpd.apache.org by pt...@pobox.com on 2003/02/07 04:45:36 UTC

[PATCH] (flood) Handle invalid handler name in assign_profile_event_handler()

Summary:
     Fixed assign_profile_event_handler() to handle nonexistent names.

This patch fixes a null dereference when you specify a profile event
handler that does not exist in the profile_event_handlers[] table.
Below is the smallest test case I was able to generate to trigger
the crash.  Note that the entry for "profile_init" is "XXX".

<flood>
  <profile>
    <name>profile</name>
    <profile_init>XXX</profile_init>
  </profile>
  <farmer>
    <name>farmer</name>
    <useprofile>profile</useprofile>
  </farmer>
  <farm>
    <name>Bingo</name>
    <usefarmer>farmer</usefarmer>
  </farm>
</flood>

With this patch, flood generates the following message:
  Invalid implementation (XXX) for this handler (profile_init)
  Error running farmer 'farmer': This function has not been implemented on this platform.

I did find another crash when attempting to generate the small
test case above.  Take out <usefarmer>...</usefarmer> in the
sample XML above.  I did not investigate that crash.

Index: flood_profile.c
===================================================================
RCS file: /home/cvspublic/httpd-test/flood/flood_profile.c,v
retrieving revision 1.22
diff -u -r1.22 flood_profile.c
--- flood_profile.c	3 Feb 2003 17:10:56 -0000	1.22
+++ flood_profile.c	7 Feb 2003 03:14:54 -0000
@@ -329,7 +329,7 @@
 {
     profile_event_handler_t *p;
 
-    for (p = &profile_event_handlers[0]; p; p++) {
+    for (p = &profile_event_handlers[0]; p && (*p).handler_name; p++) {
         /* these are case insensitive (both key and value) for the sake of simplicity */
         if (strncasecmp(impl_name, (*p).impl_name, FLOOD_STRLEN_MAX) == 0) {
             if (strncasecmp(handler_name, (*p).handler_name, FLOOD_STRLEN_MAX) == 0) {

Re: [PATCH] (flood) Handle invalid handler name in assign_profile_event_handler()

Posted by Aaron Bannert <aa...@clove.org>.

committed, thanks!

-aaron


On Thursday, February 6, 2003, at 07:45  PM, ptran@pobox.com wrote:

> Summary:
>      Fixed assign_profile_event_handler() to handle nonexistent names.
>
> This patch fixes a null dereference when you specify a profile event
> handler that does not exist in the profile_event_handlers[] table.
> Below is the smallest test case I was able to generate to trigger
> the crash.  Note that the entry for "profile_init" is "XXX".
>
> <flood>
>   <profile>
>     <name>profile</name>
>     <profile_init>XXX</profile_init>
>   </profile>
>   <farmer>
>     <name>farmer</name>
>     <useprofile>profile</useprofile>
>   </farmer>
>   <farm>
>     <name>Bingo</name>
>     <usefarmer>farmer</usefarmer>
>   </farm>
> </flood>
>
> With this patch, flood generates the following message:
>   Invalid implementation (XXX) for this handler (profile_init)
>   Error running farmer 'farmer': This function has not been 
> implemented on this platform.