[
https://issues.apache.org/jira/browse/AXIS2C-1635?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Lazarski resolved AXIS2C-1635.
-------------------------------------
Fix Version/s: 2.0.0
(was: 1.7.0)
Resolution: Fixed
Issue: 1. in_stream reuse after free
Status: Already fixed
Commit: SSL stream handling was previously corrected
────────────────────────────────────────
Issue: 2. svc_client options freed before dependents
Status: Fixed
Commit: 3d34cb6bc
────────────────────────────────────────
Issue: 3. connection_map key leak
Status: Fixed
Commit: 973f3e316
────────────────────────────────────────
Issue: 4. Stream buffer length crasher
Status: Fixed
Commit: c26057121
────────────────────────────────────────
Issue: 5. om_element memleak
Status: Fixed
Commit: f373d238d
New Commits This Session
Commit: 3d34cb6bc
File: src/core/clientapi/svc_client.c
Description: Free options last to avoid use-after-free
────────────────────────────────────────
Commit: 973f3e316
File: src/core/transport/http/sender/http_sender.c
Description: Free strdup'd connection_map keys when entries removed
────────────────────────────────────────
Commit: f373d238d
File: axiom/src/om/om_element.c
Description: Free empty namespace key after hash_set
────────────────────────────────────────
Commit: c26057121
File: util/src/stream.c
Description: Use >= for buffer realloc to account for null byte
All 4 remaining issues from the AXIS2C-1635 omnibus bug have been fixed. The
only issue that was already fixed was #1 (in_stream reuse after free) which
appears to have been addressed by earlier SSL stream handling improvements.
> Fix for various memleaks & corruptions
> --------------------------------------
>
> Key: AXIS2C-1635
> URL: https://issues.apache.org/jira/browse/AXIS2C-1635
> Project: Axis2-C
> Issue Type: Bug
> Affects Versions: 1.6.0
> Environment: FC18 / WinXP
> Reporter: Gilles Gagniard
> Priority: Major
> Labels: patch
> Fix For: 2.0.0
>
> Attachments: axis2c-1635.patch, axis2c_fixes.patch
>
>
> This issue contains a patch for various memleaks / corruptions in Axis2/C.
> Each proposed fix has an attached comment in the patch describing the issue.
> In particular, it fixes :
> - a crasher introduced with r1467162 : in http_sender.c in_stream could be
> reused after being freed
> - a crasher sometime happening when freeing a svc_client : in svc_client.c
> options should be freed last because free callbacks for other members can tap
> into options (and do, see conf_ctx for instance !)
> - a memleak in the connection_map handling in http_sender.c (key is always
> strdup()ed but never freed)
> - a crasher in stream handling, happening if the incoming stream length is
> exactly equal to internal buffer length
> - a memleak in om_element
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
