/[Apache-SVN]
Revision 1850651

Author: stsp
Date: Mon Jan 7 15:04:15 2019 UTC (5 years, 2 months ago)
Changed paths: 1
Log Message:
Fix a use-after-free in mod_dav_svn's logging of FS warnings.

The FS warning callback could be called with a request context that had
already been deallocated. This resulted in a crash during 'make check'
with ra_serf on OpenBSD. The problem was even documented in a comment:

  /* ### hmm. the FS is cleaned up at request cleanup time. "r" might
     ### not really be valid. we should probably put the FS into a
     ### subpool to ensure it gets cleaned before the request.
     ### is there a good way to create and use a subpool for all
     ### of our functions ... ??
  */

Rather than putting the FS into a subpool, the solution implemented with this
commit installs a pre-cleanup handler on the request pool, which switches the
logging context from the request to its associated connection. This avoids the
use-after-free at the cost of a less precise logging context.

Suggested by: stefan2
https://svn.haxx.se/dev/archive-2018-12/0145.shtml

* subversion/mod_dav_svn/repos.c
  (log_warning): Rename to ...
  (log_warning_req): ... this.
  (log_warning_conn): New logging helper which uses a connection context.
  (cleanup_req_logging_baton, cleanup_req_logging): New APR pool cleanup
   handler which switches FS logging context from a request to a connection.
  (get_resource): Install aforementioned pool cleanup handler.
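
The ordering problem and the fix described in the log message above, as an added example that is not part of the commit or of Subversion's code: a plain-C model in which toy structs stand in for the request, connection and FS objects, and an `alive` flag stands in for freed memory so the stale access is counted instead of crashing. The logging and cleanup function names mirror the log message; the types, `run_request`, `connection_logs` and the simplified teardown order are assumptions of this sketch.

```c
#include <stdio.h>

/* Toy stand-ins (assumptions), not the APR or Subversion types. */
typedef struct { int alive; } conn_t;
typedef struct { int alive; } req_t;
typedef struct { void (*warn)(void *baton); void *baton; } fs_t;
typedef struct { fs_t *fs; conn_t *conn; } cleanup_baton_t;

static int stale_uses; /* warnings delivered to a dead request context */
static int conn_logs;  /* warnings delivered to a live connection context */

/* Request-context logger: in real code a dead request means freed memory. */
static void log_warning_req(void *baton) {
    req_t *r = baton;
    if (!r->alive) stale_uses++;
}

/* Connection-context logger: less precise, but the connection outlives the request. */
static void log_warning_conn(void *baton) {
    conn_t *c = baton;
    if (c->alive) conn_logs++;
}

/* Pre-cleanup handler: repoint FS warnings from the request to the connection. */
static void cleanup_req_logging(void *data) {
    cleanup_baton_t *b = data;
    b->fs->warn = log_warning_conn;
    b->fs->baton = b->conn;
}

/* Simplified teardown: pre-cleanup first, request context goes away,
   then the FS emits a warning while it is being cleaned up. */
static void destroy_request(req_t *r, fs_t *fs, cleanup_baton_t *pre) {
    if (pre) cleanup_req_logging(pre);
    r->alive = 0;
    fs->warn(fs->baton);
}

/* Runs one request lifetime; returns how many warnings hit a dead request. */
int run_request(int with_fix) {
    conn_t c = {1};
    req_t r = {1};
    fs_t fs = {log_warning_req, &r};
    cleanup_baton_t b = {&fs, &c};
    stale_uses = conn_logs = 0;
    destroy_request(&r, &fs, with_fix ? &b : NULL);
    return stale_uses;
}
int connection_logs(void) { return conn_logs; }
int main(void) { printf("%d %d\n", run_request(0), run_request(1)); return 0; }
```
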


Changed paths

Path: subversion/trunk/subversion/mod_dav_svn/repos.c
Details: modified, text changed