https://bz.apache.org/bugzilla/show_bug.cgi?id=57868

            Bug ID: 57868
           Summary: SIGSEGV when lacking correct DB access permissions
           Product: Apache httpd-2
           Version: 2.4.10
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_authz_dbd
          Assignee: [email protected]
          Reporter: [email protected]

Created attachment 32696
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=32696&action=edit
Fixes SIGSEGV in mod_authz_dbd when server lacks access rights to the db table

If the dbd handle preparation fails due to a misconfiguration of the database
server or the access rights to the table, the server logs something along these
lines:

   AH00632: failed to prepare SQL statements: UPDATE command denied to 
   user 'foo'@'exampleorg' for table 'bar'

As a consequence, the call to dbd_handle(r) returns NULL. However, in
mod_authz_dbd, there was no control for the value of dbd before it was used
in both authz_dbd_login() and authzdbd_group():

       ap_dbd_t *dbd = dbd_handle(r);
       ...
       query = apr_hash_get(dbd->prepared, <--- SIGSEGV

I'm attaching a patch that solves this issue. I didn't check to see if it also
occurs in other nz modules based on mod_dbd.c.

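The failure mode reported above, reduced to a stand-alone model: this is an added example, not the attached patch and not httpd source. The types, acquire_handle(), find_stmt(), authz_lookup() and the LOOKUP_* codes are hypothetical stand-ins for ap_dbd_t, dbd_handle() and apr_hash_get(); the point is that the handle is checked before dbd->prepared is read, and that an authorization path without a usable handle ends in an error rather than a crash.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-ins for the mod_dbd types; not the httpd definitions. */
typedef struct { const char *label; const char *sql; } stmt_t;
typedef struct { const stmt_t *prepared; size_t nprepared; } dbd_t;

enum { LOOKUP_OK = 0, LOOKUP_FAILED = 500 };

/* Constructed sample: one statement, as it would exist after a successful prepare. */
static const stmt_t sample_stmts[] = { { "login", "UPDATE bar SET active = 1" } };
static dbd_t sample_dbd = { sample_stmts, 1 };

/* Models handle acquisition: returns NULL when statement preparation
 * failed (the "UPDATE command denied" case in the report). */
static dbd_t *acquire_handle(int prepare_ok)
{
    return prepare_ok ? &sample_dbd : NULL;
}

/* Models the lookup in dbd->prepared; the caller must pass a non-NULL handle. */
static const stmt_t *find_stmt(const dbd_t *dbd, const char *label)
{
    for (size_t i = 0; i < dbd->nprepared; i++)
        if (strcmp(dbd->prepared[i].label, label) == 0)
            return &dbd->prepared[i];
    return NULL;
}

/* Guarded version of the crashing sequence: test the handle before
 * dereferencing it, and treat every failure as "refuse the request". */
int authz_lookup(int prepare_ok, const char *label)
{
    dbd_t *dbd = acquire_handle(prepare_ok);
    if (dbd == NULL)
        return LOOKUP_FAILED;   /* no handle: report an error, do not dereference */

    const stmt_t *query = find_stmt(dbd, label);
    if (query == NULL)
        return LOOKUP_FAILED;   /* statement was never prepared */

    return LOOKUP_OK;           /* real code would execute the query here */
}
```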