The following reply was made to PR mod_cern_meta/1500; it has been noted by
GNATS.
From: Dean Gaudet <[EMAIL PROTECTED]>
To: Joe Condon <[EMAIL PROTECTED]>
Cc: Roy Wood <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: Re: mod_cern_meta/1500: mod_cern_meta corrupts memory pool
Date: Mon, 8 Dec 1997 14:42:44 -0800 (PST)
On Mon, 8 Dec 1997, Joe Condon wrote:
> r->connection->user value is the value that is getting hammered. This value
> is set in the http_protocol.c source file in function get_basic_auth_pw()
> at approximately line 1019.
>
> 1019 r->connection->user = getword_nulls_nc(r->pool, &t, ':');
>
> Storage allocation for this value occurs in the getword_nulls_nc() function
> and it is allocated from the memory pool r->pool passed to the function.
Excellent, thanks for looking into this in such depth. The problem is
that those allocations clearly should be made from r->connection->pool,
because they have the same lifetime as r->connection. Try this patch.
Dean
--- http_protocol.c.dist Mon Dec 8 14:29:51 1997
+++ http_protocol.c Mon Dec 8 14:35:26 1997
@@ -935,7 +935,11 @@
}
t = uudecode (r->pool, auth_line);
- r->connection->user = getword_nulls_nc (r->pool, &t, ':');
+ /* Note that this allocation has to be made from r->connection->pool
+ * because it has the lifetime of the connection. The other allocations
+ * are temporary and can be tossed away any time.
+ */
+ r->connection->user = getword_nulls_nc (r->connection->pool, &t, ':');
r->connection->auth_type = "Basic";
*pw = t;
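Review bot: On the changed getword_nulls_nc() line, every request that carries Basic credentials now allocates a fresh copy of the user name from r->connection->pool, and nothing in this hunk reuses or releases the previous copy, so on a connection that serves many requests those copies accumulate until the connection pool is destroyed. It would be worth either skipping the allocation when r->connection->user already holds the same name, or stating in the new comment that the growth is accepted. The comment could also say explicitly that *pw still points into the uudecode() buffer in r->pool and is therefore valid only for the current request.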
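The lifetime mismatch discussed in this thread, as an added example that is not code from Apache or from either poster: a toy bump allocator stands in for a pool, and a second request on the same connection reuses the request pool's memory. The `pool` and `conn` types, `pool_strdup`, `pool_clear`, `user_survives` and the sample strings are all hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Toy bump allocator standing in for a pool (hypothetical, not Apache's alloc.c). */
typedef struct { char buf[64]; size_t used; } pool;

static char *pool_strdup(pool *p, const char *s) {
    size_t n = strlen(s) + 1;
    if (p->used + n > sizeof p->buf) return NULL;
    char *out = p->buf + p->used;
    memcpy(out, s, n);
    p->used += n;
    return out;
}

/* End of request: the pool's memory becomes available for reuse. */
static void pool_clear(pool *p) { p->used = 0; }

/* Connection-level state: two pools with different lifetimes and a user pointer. */
typedef struct { pool conn_pool; pool req_pool; const char *user; } conn;

/* Returns 1 if conn.user still reads "alice" after a second request on the
 * same connection, 0 if the string it points at was overwritten. */
static int user_survives(int use_conn_pool) {
    conn c;
    memset(&c, 0, sizeof c);
    /* Request 1: Basic auth is parsed and the user name is stored on the connection. */
    c.user = pool_strdup(use_conn_pool ? &c.conn_pool : &c.req_pool, "alice");
    pool_clear(&c.req_pool);                /* request 1 is finished */
    /* Request 2: some other code allocates from the recycled request pool. */
    pool_strdup(&c.req_pool, "X-Meta: 1");  /* constructed sample data */
    return strcmp(c.user, "alice") == 0;
}

int main(void) {
    printf("user allocated from request pool survives:    %d\n", user_survives(0));
    printf("user allocated from connection pool survives: %d\n", user_survives(1));
    return 0;
}
```

The toy pool keeps its storage inside the `conn` struct so the stale read is well defined here; with a real allocator the same pointer would refer to freed or reassigned memory.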