From 7a276e463efdc65b8943e6ec4ba51f6b0cc3e68f Mon Sep 17 00:00:00 2001 From: Jim Jagielski Date: Sat, 5 Sep 2015 16:58:11 +0000 Subject: [PATCH] Merge r1688660 from trunk: mod_authz_dbd: Avoid a crash when lacking correct DB access permissions. PR 57868. Submitted by: Jose Kahan Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1701404 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 3 +++ STATUS | 8 -------- modules/aaa/mod_authz_dbd.c | 13 +++++++++++++ 3 files changed, 16 insertions(+), 8 deletions(-) diff --git a/CHANGES b/CHANGES index f2e8b621e7..0b42d8ce41 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,9 @@ Changes with Apache 2.4.17 + *) mod_authz_dbd: Avoid a crash when lacking correct DB access permissions. + PR 57868. [Jose Kahan , Yann Ylavic] + *) mod_dir: Prevent the internal identifier "httpd/unix-directory" from appearing as a Content-Type response header when requests for a directory are rewritten by mod_rewrite. [Eric Covener] diff --git a/STATUS b/STATUS index ac368279e3..d88b5685ac 100644 --- a/STATUS +++ b/STATUS @@ -109,14 +109,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - *) mod_authz_dbd: Avoid a crash when lacking correct DB access permissions. - PR 57868. - trunk: http://svn.apache.org/r1688660 - 2.4.x: trunk works modulo CHANGES and next-number - +1: jailletc36, ylavic, niq - jailletc36: I'm just wondering why the log message speak about "dbd-query" - while other messages around are about "dbd-group"? - *) mod_rewrite: Avoid a crash when lacking correct DB access permissions when using RewriteMap with MapType dbd or fastdbd. PR 57868. diff --git a/modules/aaa/mod_authz_dbd.c b/modules/aaa/mod_authz_dbd.c index a165eb0ec9..628a165dea 100644 --- a/modules/aaa/mod_authz_dbd.c +++ b/modules/aaa/mod_authz_dbd.c @@ -126,6 +126,13 @@ static int authz_dbd_login(request_rec *r, authz_dbd_cfg *cfg, "No query configured for %s!", action); return HTTP_INTERNAL_SERVER_ERROR; } + if (dbd == NULL) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02902) + "No db handle available for %s! " + "Check your database access", + action); + return HTTP_INTERNAL_SERVER_ERROR; + } query = apr_hash_get(dbd->prepared, cfg->query, APR_HASH_KEY_STRING); if (query == NULL) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01643) @@ -212,6 +219,12 @@ static int authz_dbd_group_query(request_rec *r, authz_dbd_cfg *cfg, "No query configured for dbd-group!"); return HTTP_INTERNAL_SERVER_ERROR; } + if (dbd == NULL) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02903) + "No db handle available for dbd-query! " + "Check your database access"); + return HTTP_INTERNAL_SERVER_ERROR; + } query = apr_hash_get(dbd->prepared, cfg->query, APR_HASH_KEY_STRING); if (query == NULL) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01650) -- 2.40.0