granicus.if.org Git - apache/commit

author	Evgeny Kotkov <kotkov@apache.org>
	Mon, 10 Oct 2016 09:40:06 +0000 (09:40 +0000)
committer	Evgeny Kotkov <kotkov@apache.org>
	Mon, 10 Oct 2016 09:40:06 +0000 (09:40 +0000)
commit	d1ecb963ed52f7a480817cb0dac0d7106bedbb4f
tree	6febe65aa6f0ec5f3e5d81a7077977277972bf4e	tree \| snapshot
parent	0da36a75f8c0f173c6f7bed0278bb76ffb0510df	commit \| diff

mod_dav: Fix a potential cause of unbounded memory usage or incorrect
behavior in a routine that sends <DAV:response>'s to the output filters.

The dav_send_one_response() function accepts the current head of the output
filter list as an argument, but the actual head can change between calls to
ap_pass_brigade().  This can happen with self-removing filters, e.g., with
the filter from mod_headers or mod_deflate.  Consequently, executing an
already removed filter can either cause unwanted memory usage or incorrect
behavior.

This patch changes the signature of the existing mod_dav's public API,
dav_send_one_response(), because this API is not yet a part of any 2.4.x
release.

* modules/dav/main/mod_dav.c
  (dav_send_one_response): Accept a request_rec instead of an ap_filter_t.
   Write the response to r->output_filters.
  (dav_send_multistatus, dav_stream_response): Update these calling sites
   of dav_send_one_response().

* modules/dav/main/mod_dav.h
  (dav_send_one_response): Adjust definition.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1764040 13f79535-47bb-0310-9956-ffa450edef68

modules/dav/main/mod_dav.c		diff \| blob \| history
modules/dav/main/mod_dav.h		diff \| blob \| history