Bugs item #455156, was opened at 2001-08-24 17:26
You can respond by visiting:
http://sourceforge.net/tracker/?func=detail&atid=103152&aid=455156&group_id=3152
Category: Modules: nsperm (Permissions)
Group: aolserver3_4
Status: Open
Resolution: None
Priority: 5
Submitted By: Jeff Rogers (dvrsn)
Assigned to: Nobody/Anonymous (nobody)
Summary: segfault in nsperm
Initial Comment:
If the configuration parameter SkipLocks is "on" (the
default) then calling "ns_perm checkpass user pass"
with a user that exists (regardless of whether the
password is correct or not) will segfault the server.
The reason is quite simple: the mutex in the users
TclHashTable is not initialized if skiplocks is set,
but UserAuthProc does not check if skiplocks is set
before attempting to lock the mutex. Checking
skiplocks before attempting to manipulate the mutex (as
its done nearly everywhere else in the code) fixes the
segfault.
SetPassCmd is similarly broken, but it should probably
not be allowed at all if skiplocks is set.
Also, Ns_MutexLock and Ns_LockMutex are both used
(similarly for Unlock); it seems that the first should
be preferres as LockMutex is from the 2.x compatability
code.
These reasons are likely partly behind the complete
rewrite of nsperm for 4.x, but that has not yet been
released and people running 3.4 or earlier may want to
know about this problem.
----------------------------------------------------------------------
You can respond by visiting:
http://sourceforge.net/tracker/?func=detail&atid=103152&aid=455156&group_id=3152
