Posted to cvs@httpd.apache.org by co...@apache.org on 2010/02/23 13:07:03 UTC

svn commit: r915295 - in /httpd/httpd/trunk: CHANGES modules/ldap/util_ldap.c

Author: covener
Date: Tue Feb 23 12:07:03 2010
New Revision: 915295

URL: http://svn.apache.org/viewvc?rev=915295&view=rev
Log:
mod_ldap: Eliminate a potential crash with multiple LDAPTrustedClientCert when
some are not password-protected.


Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/ldap/util_ldap.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=915295&r1=915294&r2=915295&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Tue Feb 23 12:07:03 2010
@@ -2,6 +2,9 @@
 
 Changes with Apache 2.3.7
 
+  *) mod_ldap: Eliminate a potential crash with multiple LDAPTrustedClientCert
+     when some are not password-protected. [Eric Covener]
+
   *) Fix startup segfault when the Mutex directive is used but no loaded 
      modules use httpd mutexes.  PR 48787.  [Jeff Trawick]
 

Modified: httpd/httpd/trunk/modules/ldap/util_ldap.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ldap/util_ldap.c?rev=915295&r1=915294&r2=915295&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ldap/util_ldap.c (original)
+++ httpd/httpd/trunk/modules/ldap/util_ldap.c Tue Feb 23 12:07:03 2010
@@ -625,9 +625,12 @@
     src = (struct apr_ldap_opt_tls_cert_t *)srcs->elts;
     dest = (struct apr_ldap_opt_tls_cert_t *)dests->elts;
     for (i = 0; i < srcs->nelts; i++) {
-        if (strcmp(src[i].path, dest[i].path) ||
-            strcmp(src[i].password, dest[i].password) ||
-            src[i].type != dest[i].type) {
+        if ((strcmp(src[i].path, dest[i].path)) ||
+            (src[i].type != dest[i].type) ||
+            /* One is passwordless? If so, then not equal */
+            ((src[i].password == NULL) ^ (dest[i].password == NULL)) ||
+            (src[i].password != NULL && dest[i].password != NULL &&
+             strcmp(src[i].password, dest[i].password))) {
             return 1;
         }
     }
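
Review bot: The first operand of the new condition, `strcmp(src[i].path, dest[i].path)`, is still called with no NULL check, while `password` now gets one. If `path` is guaranteed non-NULL by the time this comparison runs, a short comment saying so would help; otherwise it needs the same guard. The loop also reads `dest[i]` for every `i < srcs->nelts`, so it depends on a check outside the visible lines that `dests->nelts` matches; please confirm that check precedes this loop. As a style point, the XOR test plus the both-non-NULL `strcmp` could be folded into one small NULL-safe string comparison helper, which would keep the three field comparisons uniform and easier to audit.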