You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2016/07/12 09:04:53 UTC

[Bug 59844] New: Stack address is returned from function parse_ap_expr

https://bz.apache.org/bugzilla/show_bug.cgi?id=59844

            Bug ID: 59844
           Summary: Stack address is returned from function parse_ap_expr
           Product: Apache httpd-2
           Version: 2.4.23
          Hardware: PC
                OS: Mac OS X 10.1
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_include
          Assignee: bugs@httpd.apache.org
          Reporter: 15195907626@163.com

The code is as following.

static int parse_ap_expr(include_ctx_t *ctx, const char *expr, int *was_error)
{

     ap_expr_info_t expr_info

     ...

     ctx->info = &expr_info

     ...

     return ...
}

A stack address &expr_info is returned as a side effect.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 59844] Stack address is returned from function parse_ap_expr

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=59844

Eric Covener <co...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #5 from Eric Covener <co...@gmail.com> ---
Fixed in 2.4.25

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 59844] Stack address is returned from function parse_ap_expr

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=59844

--- Comment #4 from 15195907626@163.com ---
I have not seen any symptom, but it is indeed a dangerous operation.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 59844] Stack address is returned from function parse_ap_expr

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=59844

--- Comment #6 from shqking <sh...@163.com> ---
(In reply to Eric Covener from comment #5)
> Fixed in 2.4.25

I found a similar problem in "support/htpasswd.c".
I have reported this issue in
https://bz.apache.org/bugzilla/show_bug.cgi?id=60634

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 59844] Stack address is returned from function parse_ap_expr

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=59844

--- Comment #3 from Eric Covener <co...@gmail.com> ---
Did you ever see a symptom on this?

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 59844] Stack address is returned from function parse_ap_expr

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=59844

--- Comment #1 from 15195907626@163.com ---
The function is here: modules/filters/mod_include.c

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 59844] Stack address is returned from function parse_ap_expr

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=59844

Eric Covener <co...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |FixedInTrunk

--- Comment #2 from Eric Covener <co...@gmail.com> ---
Thanks for the report!

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 59844] Stack address is returned from function parse_ap_expr

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=59844

15195907626@163.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 OS|Mac OS X 10.1               |All
                 CC|                            |15195907626@163.com

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org