Posted to dev@httpd.apache.org by John Bley <jb...@acpub.duke.edu> on 1999/02/23 17:38:37 UTC
[PATCH] 3 malloc checks, use pid_t (Forgot patch first time)
Whoops, forgot the patch the first time. Flame away at my ineptitude.
Three missed malloc checks in ap/ap_execve.c and a pile of assumptions
about int being equivalent to pid_t in alloc.{c,h}. WIN32 *might* be an
issue here but I doubt it based on an existing non-#ifdef-wrapped pid_t.
Patch in diff -u against 1.3.4 clean (yes, I should start using cvs).
On a related note, the mallocs in os/unix/*.c need checking/friendly
error messages. I don't have access to any of the systems that use that
code (Rhapsody, AIX, anything where DLSYM_NEEDS_UNDERSCORE), so I can't
submit a tested patch.
Since src/regex appears to be a non-apache library, is it off-limits for
patches? I assumed so, and haven't really looked at it too closely.
--
John Bley - jbb6@acpub.duke.edu
Duke '99 - English/Computer Science
Since English is a mess, it maps well onto the problem space,
which is also a mess, which we call reality. - Larry Wall
diff -Burp apache_1.3.4/src/ap/ap_execve.c apache_1.3.4-patched/src/ap/ap_execve.c
--- apache_1.3.4/src/ap/ap_execve.c Fri Jan 1 14:04:36 1999
+++ apache_1.3.4-patched/src/ap/ap_execve.c Tue Feb 23 10:50:34 1999
@@ -126,8 +126,10 @@ int ap_execle(const char *filename, cons
}
va_end(adummy);
- if ((argv = (char **) malloc((argc + 2) * sizeof(*argv))) == NULL)
+ if ((argv = (char **) malloc((argc + 2) * sizeof(*argv))) == NULL) {
+ fprintf(stderr, "Ouch! Out of memory in ap_execle()!"\n;
return -1;
+ }
/* Pass two --- copy the argument strings into the result space */
va_start(adummy, argv0);
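Review bot: The added line `fprintf(stderr, "Ouch! Out of memory in ap_execle()!"\n;` does not compile, because the closing quote comes before `\n` and the call's closing parenthesis is missing. It should read `fprintf(stderr, "Ouch! Out of memory in ap_execle()!\n");`, matching the messages added in the ap_execve() and hashbang() hunks. In all three hunks the fprintf() runs between the failed malloc() and the return, so it can overwrite whatever errno malloc() left. If callers report errno after the failure return (not visible here), add `errno = ENOMEM;` after the fprintf(). The body of ap_execle starts and ends outside the hunk.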
@@ -222,8 +224,10 @@ int ap_execve(const char *filename, cons
else {
int i = count_args(argv) + 1; /* +1 for leading SHELL_PATH */
- if ((script_argv = malloc(sizeof(*script_argv) * i)) == NULL)
+ if ((script_argv = malloc(sizeof(*script_argv) * i)) == NULL) {
+ fprintf(stderr, "Ouch! Out of memory in ap_execve()!\n");
return -1;
+ }
script_argv[0] = SHELL_PATH;
@@ -345,6 +349,10 @@ static const char **hashbang(const char
newargv = (char **) malloc((p - lbuf + 1)
+ (i + sargc + 1) * sizeof(*newargv));
+ if (newargv == NULL) {
+ fprintf(stderr, "Ouch! Out of memory in hashbang()!\n");
+ return NULL;
+ }
ws = &((char *) newargv)[(i + sargc + 1) * sizeof(*newargv)];
/* Copy entries to allocated memory */
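Review bot: Returning NULL on allocation failure may be indistinguishable from whatever else NULL means to hashbang()'s caller, which this hunk does not show. The ap_execve() hunk above has an `else` branch that builds an argv led by SHELL_PATH; if that branch is what runs when hashbang() returns NULL, an out-of-memory condition would hand the script to the default shell rather than fail the exec. Check the call site and, if so, make the failure distinct, for example with `errno = ENOMEM;` before the return and a comment such as `/* NULL with errno == ENOMEM means allocation failure, not "no #! line" */`. Anything hashbang() acquired before this point (buffer, descriptor) also has to be released on this path; the function's start and end are outside the hunk.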
diff -Burp apache_1.3.4/src/include/alloc.h apache_1.3.4-patched/src/include/alloc.h
--- apache_1.3.4/src/include/alloc.h Sun Jan 3 07:04:36 1999
+++ apache_1.3.4-patched/src/include/alloc.h Tue Feb 23 11:12:40 1999
@@ -342,7 +342,7 @@ enum kill_conditions {
};
typedef struct child_info child_info;
-API_EXPORT(void) ap_note_subprocess(pool *a, int pid,
+API_EXPORT(void) ap_note_subprocess(pool *a, pid_t pid,
enum kill_conditions how);
API_EXPORT(int) ap_spawn_child(pool *, int (*)(void *, child_info *),
void *, enum kill_conditions,
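Review bot: `ap_spawn_child` is still declared `API_EXPORT(int)` on the context line right after the changed prototype, so the process id is narrowed back to int at the public boundary even though the alloc.c hunks switch `spawn_child_core` and the local `pid` variables to pid_t. The same holds for `ap_bspawn_child`, per the alloc.c hunk headers. Either change those return types as well, or add a comment on the prototypes such as `/* returns the child's pid as int; assumes pid_t fits in int */` so the remaining assumption is explicit. The header also needs pid_t in scope before this prototype; the include that provides it is not visible in the hunk.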
diff -Burp apache_1.3.4/src/main/alloc.c apache_1.3.4-patched/src/main/alloc.c
--- apache_1.3.4/src/main/alloc.c Sun Jan 3 07:04:37 1999
+++ apache_1.3.4-patched/src/main/alloc.c Tue Feb 23 11:15:46 1999
@@ -1998,8 +1998,8 @@ struct process_chain {
struct process_chain *next;
};
-API_EXPORT(void) ap_note_subprocess(pool *a, int pid, enum kill_conditions how)
-{
+API_EXPORT(void) ap_note_subprocess(pool *a, pid_t pid, enum kill_conditions
+how) {
struct process_chain *new =
(struct process_chain *) ap_palloc(a, sizeof(struct process_chain));
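Review bot: The rewrapped signature splits the parameter `enum kill_conditions how` across two lines and moves the opening brace onto the signature line, unlike `spawn_child_core` in the next hunk, which keeps `{` on its own line. Wrapping before the last parameter reads better and keeps the file's brace style: `API_EXPORT(void) ap_note_subprocess(pool *a, pid_t pid,` then `enum kill_conditions how)` then `{`. The function body continues outside the hunk.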
@@ -2022,11 +2022,11 @@ API_EXPORT(void) ap_note_subprocess(pool
#define BINMODE
#endif
-static int spawn_child_core(pool *p, int (*func) (void *, child_info *),
+static pid_t spawn_child_core(pool *p, int (*func) (void *, child_info *),
void *data,enum kill_conditions kill_how,
int *pipe_in, int *pipe_out, int *pipe_err)
{
- int pid;
+ pid_t pid;
int in_fds[2];
int out_fds[2];
int err_fds[2];
@@ -2220,7 +2220,8 @@ API_EXPORT(int) ap_spawn_child(pool *p,
FILE **pipe_err)
{
int fd_in, fd_out, fd_err;
- int pid, save_errno;
+ pid_t pid;
+ int save_errno;
ap_block_alarms();
@@ -2280,7 +2281,7 @@ API_EXPORT(int) ap_bspawn_child(pool *p,
HANDLE hPipeOutputReadDup = NULL;
HANDLE hPipeErrorReadDup = NULL;
HANDLE hCurrentProcess;
- int pid = 0;
+ pid_t pid = 0;
child_info info;
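Review bot: `pid_t pid = 0;` sits among HANDLE declarations, which suggests this is the WIN32 side of the `#else` shown in the next hunk, and the patch does not show where pid_t is defined for that build. The value later assigned to `pid` on this path is also outside the hunk, so it is unclear whether it is a process id or something derived from a HANDLE. Confirm that this branch compiles on WIN32 with pid_t in scope. If the variable does not hold a process id there, leave it as `int` in this branch and add a comment saying why.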
@@ -2452,7 +2453,8 @@ API_EXPORT(int) ap_bspawn_child(pool *p,
#else
int fd_in, fd_out, fd_err;
- int pid, save_errno;
+ pid_t pid;
+ int save_errno;
ap_block_alarms();