You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Marion & Christophe JAILLET <ch...@wanadoo.fr> on 2014/10/18 09:20:46 UTC
Re: svn commit: r1632736 - in /httpd/httpd/branches/2.4.x: CHANGES
STATUS modules/proxy/mod_proxy_http.c
Hi,
Isn't there the same kind of potential issue in:
mod_buffer, line 268
mod_cahce, line 687
Best regards,
CJ
Le 18/10/2014 08:57, jailletc36@apache.org a écrit :
> Author: jailletc36
> Date: Sat Oct 18 06:57:40 2014
> New Revision: 1632736
>
> URL: http://svn.apache.org/r1632736
> Log:
> Merge r1599486 from trunk
>
> mod_proxy_http: Avoid (unlikely) access to freed memory.
>
> Submitted by: ylavic
> Reviewed by: ylavic, jorton, rjung
> Backported by: jailletc36
>
> Modified:
> httpd/httpd/branches/2.4.x/CHANGES
> httpd/httpd/branches/2.4.x/STATUS
> httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_http.c
>
> Modified: httpd/httpd/branches/2.4.x/CHANGES
> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1632736&r1=1632735&r2=1632736&view=diff
> ==============================================================================
> --- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
> +++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Sat Oct 18 06:57:40 2014
> @@ -13,6 +13,8 @@ Changes with Apache 2.4.11
> request headers earlier. Adds "MergeTrailers" directive to restore
> legacy behavior. [Edward Lu, Yann Ylavic, Joe Orton, Eric Covener]
>
> + *) mod_proxy_http: Avoid (unlikely) access to freed memory. [Yann Ylavic]
> +
> *) http_protocol: fix logic in ap_method_list_(add|remove) in order:
> - to correctly reset bits
> - not to modify the 'method_mask' bitfield unnecessarily
>
> Modified: httpd/httpd/branches/2.4.x/STATUS
> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1632736&r1=1632735&r2=1632736&view=diff
> ==============================================================================
> --- httpd/httpd/branches/2.4.x/STATUS (original)
> +++ httpd/httpd/branches/2.4.x/STATUS Sat Oct 18 06:57:40 2014
> @@ -108,19 +108,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
> 2.4.x patch: trunk works
> +1: jkaluza, ylavic, rjung
>
> - * mod_proxy_http: Avoid (unlikely) access to freed memory.
> - trunk patch: http://svn.apache.org/r1599486
> - 2.4.x patch: trunk works
> - +1: ylavic, jorton, rjung (as is)
> - covener: I did not look in depth, but is the preceding log message also bad?
> - ylavic: No, this concerns the next for (;; e = APR_BUCKET_NEXT(e)) iteration.
> - We could also s/apr_bucket_delete/APR_BUCKET_REMOVE/ instead, but
> - stripping some (unhandled) buckets from the source brigade does
> - not look correct to me either (brigade *to is to be consumed, but
> - *from is still living, the caller may want to reuse it, eg:
> - https://issues.apache.org/bugzilla/attachment.cgi?id=31686).
> - Should we?
> -
> * mod_proxy: Make worker name truncation a non-fatal error.
> trunk patch: http://svn.apache.org/r1621367
> http://svn.apache.org/r1621372
>
> Modified: httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_http.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_http.c?rev=1632736&r1=1632735&r2=1632736&view=diff
> ==============================================================================
> --- httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_http.c (original)
> +++ httpd/httpd/branches/2.4.x/modules/proxy/mod_proxy_http.c Sat Oct 18 06:57:40 2014
> @@ -687,7 +687,6 @@ static apr_status_t proxy_buckets_lifeti
> ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00964)
> "Unhandled bucket type of type %s in"
> " proxy_buckets_lifetime_transform", e->type->name);
> - apr_bucket_delete(e);
> rv = APR_EGENERAL;
> }
> }
>
Re: svn commit: r1632736 - in /httpd/httpd/branches/2.4.x: CHANGES
STATUS modules/proxy/mod_proxy_http.c
Posted by Yann Ylavic <yl...@gmail.com>.
Done in r1632740 and r1632742.
Backport proposed in r1632744.
Thanks,
Yann.
On Sat, Oct 18, 2014 at 9:28 AM, Yann Ylavic <yl...@gmail.com> wrote:
> Hi Christophe,
>
> On Sat, Oct 18, 2014 at 9:20 AM, Marion & Christophe JAILLET
> <ch...@wanadoo.fr> wrote:
>> Hi,
>>
>> Isn't there the same kind of potential issue in:
>> mod_buffer, line 268
>> mod_cahce, line 687
>
> Yes both, good catches.
> Do you want/plan to fix them?
>
> Regards,
> Yann.
Re: svn commit: r1632736 - in /httpd/httpd/branches/2.4.x: CHANGES
STATUS modules/proxy/mod_proxy_http.c
Posted by Yann Ylavic <yl...@gmail.com>.
Hi Christophe,
On Sat, Oct 18, 2014 at 9:20 AM, Marion & Christophe JAILLET
<ch...@wanadoo.fr> wrote:
> Hi,
>
> Isn't there the same kind of potential issue in:
> mod_buffer, line 268
> mod_cahce, line 687
Yes both, good catches.
Do you want/plan to fix them?
Regards,
Yann.