Author: markt Date: Wed Dec 21 14:37:23 2005 New Revision: 358402 URL: http://svn.apache.org/viewcvs?rev=358402&view=rev Log: Fix bug 35862. NSAPI attempts to read freed memory and to dereference a null pointer. - Patch provided by Brian Kavanagh
As far as my limited jk/C knowledge goes, the patch looks good. I would be grateful if someone with more jk/C knowledge than I could double check this commit. Modified: tomcat/connectors/trunk/jk/native/netscape/jk_nsapi_plugin.c tomcat/connectors/trunk/jk/xdocs/changelog.xml Modified: tomcat/connectors/trunk/jk/native/netscape/jk_nsapi_plugin.c URL: http://svn.apache.org/viewcvs/tomcat/connectors/trunk/jk/native/netscape/jk_nsapi_plugin.c?rev=358402&r1=358401&r2=358402&view=diff ============================================================================== --- tomcat/connectors/trunk/jk/native/netscape/jk_nsapi_plugin.c (original) +++ tomcat/connectors/trunk/jk/native/netscape/jk_nsapi_plugin.c Wed Dec 21 14:37:23 2005 @@ -53,6 +53,8 @@ static jk_logger_t *logger = NULL; static jk_worker_env_t worker_env; +static jk_map_t *init_map = NULL; +static jk_uri_worker_map_t *uw_map = NULL; #ifdef NETWARE int (*PR_IsSocketSecure) (SYS_NETFD * csd); /* pointer to PR_IsSocketSecure function */ @@ -84,11 +86,19 @@ static void init_workers_on_other_threads(void *init_d) { - jk_map_t *init_map = (jk_map_t *)init_d; + init_map = (jk_map_t *)init_d; /* we add the URI->WORKER MAP since workers using AJP14 will feed it */ /* but where are they here in Netscape ? */ if (wc_open(init_map, &worker_env, logger)) { - init_on_other_thread_is_ok = JK_TRUE; + if (uri_worker_map_alloc(&uw_map, NULL, logger)) { + uw_map->fname = ""; + worker_env.uri_to_worker = uw_map; + init_on_other_thread_is_ok = JK_TRUE; + } + else { + jk_log(logger, JK_LOG_EMERG, + "In init_workers_on_other_threads, failed"); + } } else { jk_log(logger, JK_LOG_EMERG, @@ -215,7 +225,6 @@ char *shm_file = pblock_findval(JK_SHM_FILE_TAG, pb); int rc = REQ_ABORTED; - jk_map_t *init_map; fprintf(stderr, "In jk_init.\n Worker file = %s.\n Log level = %s.\n Log File = %s\n", @@ -260,8 +269,6 @@ } */ } - - jk_map_free(&init_map); } #ifdef NETWARE @@ -279,10 +286,18 @@ PR_IsSocketSecure = NULL; } #endif + if (uw_map) { + uri_worker_map_free(&uw_map, logger); + } + wc_close(logger); if (logger) { jk_close_file_logger(&logger); } + + if (init_map) { + jk_map_free(&init_map); + } } NSAPI_PUBLIC int jk_service(pblock * pb, Session * sn, Request * rq) @@ -393,6 +408,7 @@ s->headers_names = NULL; s->headers_values = NULL; s->num_headers = 0; + s->uw_map = uw_map; #ifdef NETWARE /* on NetWare, we can have virtual servers that are secure. Modified: tomcat/connectors/trunk/jk/xdocs/changelog.xml URL: http://svn.apache.org/viewcvs/tomcat/connectors/trunk/jk/xdocs/changelog.xml?rev=358402&r1=358401&r2=358402&view=diff ============================================================================== --- tomcat/connectors/trunk/jk/xdocs/changelog.xml (original) +++ tomcat/connectors/trunk/jk/xdocs/changelog.xml Wed Dec 21 14:37:23 2005 @@ -21,6 +21,17 @@ new documentation project for JK was started. </p> </section> +<section name="Changes from the released JK 1.2.15"> + <br /> + <subsection name="Native"> + <changelog> + <fix> + <bug>35862</bug>: NSAPI plugin attempts to read freed memory and attempts to + dereference a null pointer. Patch provided by Brian Kavanagh. (markt) + </fix> + </changelog> + </subsection> +</section> <section name="Changes from the released JK 1.2.14"> <br /> <subsection name="Native"> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]