If apr_crypto_get_driver fails the returned error contains a pointer to
a stack buffer and any access to it by the caller is undefined
behaviour. Patch against trunk (also applies to 1.5 and 1.4):
* crypto/apr_crypto.c
(apr_crypto_get_driver): Allocate error data from pool.
Index: crypto/apr_crypto.c
===================================================================
--- crypto/apr_crypto.c (revision 1619404)
+++ crypto/apr_crypto.c (working copy)
@@ -198,7 +198,7 @@ APR_DECLARE(apr_status_t) apr_crypto_get_driver(
if (err && buffer) {
apr_dso_error(dso, buffer, ERROR_SIZE - 1);
err->msg = buffer;
- err->reason = modname;
+ err->reason = apr_pstrdup(pool, modname);
*result = err;
}
}
--
Philip Martin | Subversion Committer
WANdisco // *Non-Stop Data*
