From: Jeff Trawick Date: Wed, 24 Mar 2004 02:53:35 +0000 (+0000) Subject: Fix memory corruption problem with ap_custom_response() function. X-Git-Tag: pre_ajp_proxy~462 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e980bec53614a6da93b3f21f830886a50b21ae87;p=apache Fix memory corruption problem with ap_custom_response() function. The core per-dir config would later point to request pool data that would be reused for different purposes on different requests. This is based on an old 1.3 patch submitted by Will Lowe. It needs a minor tweak before committing to 1.3, but he had it pretty darn close. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@103120 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 6c147bdffd..84775fda20 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,11 @@ Changes with Apache 2.1.0-dev [Remove entries to the current 2.0 section below, when backported] + *) Fix memory corruption problem with ap_custom_response() function. + The core per-dir config would later point to request pool data + that would be reused for different purposes on different requests. + [Jeff Trawick, based on an old 1.3 patch submitted by Will Lowe] + *) work around MSIE Digest auth bug - if AuthDigestEnableQueryStringHack is set in r->subprocess_env allow mismatched query strings to pass. PR 27758. [Paul Querna , Geoffrey Young] diff --git a/include/http_core.h b/include/http_core.h index 2d068764de..de82ac5adf 100644 --- a/include/http_core.h +++ b/include/http_core.h @@ -324,6 +324,13 @@ typedef struct { * won't actually be delivered as the response for the non-GET method. */ int deliver_script; + + /* Custom response strings registered via ap_custom_response(), + * or NULL; check per-dir config if nothing found here + */ + char **response_code_strings; /* from ap_custom_response(), not from + * ErrorDocument + */ } core_request_config; /* Standard entries that are guaranteed to be accessible via @@ -426,7 +433,8 @@ typedef struct { * This lets us do quick merges in merge_core_dir_configs(). */ - char **response_code_strings; + char **response_code_strings; /* from ErrorDocument, not from + * ap_custom_response() */ /* Hostname resolution etc */ #define HOSTNAME_LOOKUP_OFF 0 diff --git a/server/core.c b/server/core.c index b77a33b9d1..9218ee0a75 100644 --- a/server/core.c +++ b/server/core.c @@ -678,16 +678,26 @@ AP_DECLARE(int) ap_satisfies(request_rec *r) char *ap_response_code_string(request_rec *r, int error_index) { - core_dir_config *conf; + core_dir_config *dirconf; + core_request_config *reqconf; - conf = (core_dir_config *)ap_get_module_config(r->per_dir_config, - &core_module); + /* check for string registered via ap_custom_response() first */ + reqconf = (core_request_config *)ap_get_module_config(r->request_config, + &core_module); + if (reqconf->response_code_strings != NULL && + reqconf->response_code_strings[error_index] != NULL) { + return reqconf->response_code_strings[error_index]; + } - if (conf->response_code_strings == NULL) { - return NULL; + /* check for string specified via ErrorDocument */ + dirconf = (core_dir_config *)ap_get_module_config(r->per_dir_config, + &core_module); + + if (dirconf->response_code_strings == NULL) { + return NULL; } - return conf->response_code_strings[error_index]; + return dirconf->response_code_strings[error_index]; } @@ -1100,11 +1110,11 @@ static const char *set_document_root(cmd_parms *cmd, void *dummy, AP_DECLARE(void) ap_custom_response(request_rec *r, int status, const char *string) { - core_dir_config *conf = - ap_get_module_config(r->per_dir_config, &core_module); + core_request_config *conf = + ap_get_module_config(r->request_config, &core_module); int idx; - if(conf->response_code_strings == NULL) { + if (conf->response_code_strings == NULL) { conf->response_code_strings = apr_pcalloc(r->pool, sizeof(*conf->response_code_strings) * RESPONSE_CODES);