You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by je...@apache.org on 2003/02/27 05:24:38 UTC
cvs commit: httpd-2.0/modules/filters mod_deflate.c
jerenkrantz 2003/02/26 20:24:38
Modified: . Tag: APACHE_2_0_BRANCH CHANGES
modules/filters Tag: APACHE_2_0_BRANCH mod_deflate.c
Log:
Fix potential memory leaks in mod_deflate on malformed data.
PR: 16046
Reviewed by: Andre, Jeff, Jim, FirstBill
Revision Changes Path
No revision
No revision
1.988.2.48 +3 -0 httpd-2.0/CHANGES
Index: CHANGES
===================================================================
RCS file: /home/cvs/httpd-2.0/CHANGES,v
retrieving revision 1.988.2.47
retrieving revision 1.988.2.48
diff -u -u -r1.988.2.47 -r1.988.2.48
--- CHANGES 27 Feb 2003 04:18:58 -0000 1.988.2.47
+++ CHANGES 27 Feb 2003 04:24:37 -0000 1.988.2.48
@@ -1,5 +1,8 @@
Changes with Apache 2.0.45
+ *) Fix potential memory leaks in mod_deflate on malformed data. PR 16046.
+ [Justin Erenkrantz]
+
*) Rewrite ap_xml_parse_input to use bucket brigades. PR 16134.
[Justin Erenkrantz]
No revision
No revision
1.26.2.2 +9 -0 httpd-2.0/modules/filters/mod_deflate.c
Index: mod_deflate.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/filters/mod_deflate.c,v
retrieving revision 1.26.2.1
retrieving revision 1.26.2.2
diff -u -u -r1.26.2.1 -r1.26.2.2
--- mod_deflate.c 3 Feb 2003 17:31:37 -0000 1.26.2.1
+++ mod_deflate.c 27 Feb 2003 04:24:38 -0000 1.26.2.2
@@ -603,6 +603,7 @@
if (zRC != Z_OK) {
f->ctx = NULL;
+ inflateEnd(&ctx->stream);
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"unable to init Zlib: "
"inflateInit2 returned %d: URL %s",
@@ -622,6 +623,8 @@
rv = ap_get_brigade(f->next, ctx->bb, mode, block, readbytes);
if (rv != APR_SUCCESS) {
+ /* What about APR_EAGAIN errors? */
+ inflateEnd(&ctx->stream);
return rv;
}
@@ -631,6 +634,7 @@
/* If we actually see the EOS, that means we screwed up! */
if (APR_BUCKET_IS_EOS(bkt)) {
+ inflateEnd(&ctx->stream);
return APR_EGENERAL;
}
@@ -638,6 +642,7 @@
apr_bucket *tmp_heap;
zRC = inflate(&(ctx->stream), Z_SYNC_FLUSH);
if (zRC != Z_OK) {
+ inflateEnd(&ctx->stream);
return APR_EGENERAL;
}
@@ -685,6 +690,7 @@
}
if (zRC != Z_OK) {
+ inflateEnd(&ctx->stream);
return APR_EGENERAL;
}
}
@@ -709,17 +715,20 @@
unsigned long compCRC, compLen;
compCRC = getLong(ctx->stream.next_in);
if (ctx->crc != compCRC) {
+ inflateEnd(&ctx->stream);
return APR_EGENERAL;
}
ctx->stream.next_in += 4;
compLen = getLong(ctx->stream.next_in);
if (ctx->stream.total_out != compLen) {
+ inflateEnd(&ctx->stream);
return APR_EGENERAL;
}
}
else {
/* FIXME: We need to grab the 8 verification bytes
* from the wire! */
+ inflateEnd(&ctx->stream);
return APR_EGENERAL;
}