From: Stefan Fritsch Date: Wed, 20 Oct 2010 19:53:57 +0000 (+0000) Subject: Be extra careful to only pass the main server config to X-Git-Tag: 2.3.9~247 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=5390992e038811bb1d63ff66ee0644b3f567642c;p=apache Be extra careful to only pass the main server config to ap_find_loaded_module_symbol. Fixes a segfault when using per-module LogLevel on virtual host scope. PR: 50117 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1025702 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 2e3522dda4..1ed0f63c83 100644 --- a/CHANGES +++ b/CHANGES @@ -6,6 +6,9 @@ Changes with Apache 2.3.9 Fix a denial of service attack against mod_reqtimeout. [Stefan Fritsch] + *) core: Fix segfault if per-module LogLevel is on virtual host + scope. PR 50117. [Stefan Fritsch] + *) mod_proxy: Move the ProxyErrorOverride directive to have per directory scope. [Graham Leggett] diff --git a/server/core.c b/server/core.c index 50f82029f7..b687e9e7ce 100644 --- a/server/core.c +++ b/server/core.c @@ -2059,7 +2059,23 @@ static module *find_module(server_rec *s, const char *name) APR_RETRIEVE_OPTIONAL_FN(ap_find_loaded_module_symbol); if (check_symbol) { - found = check_symbol(s, name); + /* + * There are two phases where calling ap_find_loaded_module_symbol + * is problematic: + * + * During reading of the config, ap_server_conf is invalid but s + * points to the main server config, if passed from cmd->server + * of an EXEC_ON_READ directive. + * + * During config parsing, s may be a virtual host that would cause + * a segfault in mod_so if passed to ap_find_loaded_module_symbol, + * because mod_so's server config for vhosts is initialized later. + * But ap_server_conf is already set at this time. + * + * Therefore we use s if it is not virtual and ap_server_conf if + * s is virtual. + */ + found = check_symbol(s->is_virtual ? ap_server_conf : s, name); } }