Log Message: |
Fix a use-after-free in mod_dav_svn's logging of FS warnings.

The FS warning callback could be called with a request context that had
already been deallocated. This resulted in a crash during 'make check'
with ra_serf on OpenBSD. The problem was even documented in a comment:

  /* ### hmm. the FS is cleaned up at request cleanup time. "r" might
     ### not really be valid. we should probably put the FS into a
     ### subpool to ensure it gets cleaned before the request.
     ### is there a good way to create and use a subpool for all
     ### of our functions ... ??
  */

Rather than putting the FS into a subpool, the solution implemented with this
commit installs a pre-cleanup handler on the request pool, which switches the
logging context from the request to its associated connection. This avoids the
use-after-free at the cost of a less precise logging context.

Suggested by: stefan2
https://svn.haxx.se/dev/archive-2018-12/0145.shtml

* subversion/mod_dav_svn/repos.c
  (log_warning): Rename to ...
  (log_warning_req): ... this.
  (log_warning_conn): New logging helper which uses a connection context.
  (cleanup_req_logging_baton, cleanup_req_logging): New APR pool cleanup
   handler which switches FS logging context from a request to a connection.
  (get_resource): Install aforementioned pool cleanup handler.
|
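The pattern described in the log message above, as an added self-contained C model; it is not code from the Subversion commit. The function names log_warning_req, log_warning_conn and cleanup_req_logging are taken from the file list, but their bodies, the toy pool and all struct types are constructed for illustration, and the stale request is modelled with an `alive` flag rather than a real free.

```c
#include <stdio.h>
#include <string.h>
/* Constructed stand-ins for conn_rec, request_rec and svn_fs_t. */
typedef struct { int id; } conn_t;
typedef struct { conn_t *conn; int alive; } request_t;
typedef struct fs_t { void (*warn)(void *baton, const char *msg); void *baton; } fs_t;

/* Toy pool: one pre-cleanup slot that runs before the owner is released. */
typedef struct { void (*pre)(void *); void *pre_data; request_t *owner; } pool_t;
static char last_log[96];   /* records which context handled the last warning */
static void log_warning_req(void *baton, const char *msg) {
    request_t *r = baton;   /* the original bug: r may already be deallocated */
    snprintf(last_log, sizeof last_log, "%s: %s",
             r->alive ? "request" : "STALE-REQUEST", msg);
}
static void log_warning_conn(void *baton, const char *msg) {
    conn_t *c = baton;
    snprintf(last_log, sizeof last_log, "conn %d: %s", c->id, msg);
}
/* Baton for the pre-cleanup: everything needed to re-point the FS logger. */
typedef struct { fs_t *fs; conn_t *conn; } cleanup_baton_t;
static void cleanup_req_logging(void *data) {
    cleanup_baton_t *b = data;
    b->fs->warn = log_warning_conn;   /* coarser context, but it outlives r */
    b->fs->baton = b->conn;
}

static void pool_destroy(pool_t *p) {
    if (p->pre) p->pre(p->pre_data);  /* pre-cleanups run first */
    p->owner->alive = 0;              /* then the request is gone */
}

/* Returns the log line produced by an FS warning raised after request teardown. */
const char *warn_after_teardown(int install_handler) {
    static conn_t c; static request_t r; static fs_t fs; static cleanup_baton_t b;
    c.id = 7; r.conn = &c; r.alive = 1; b.fs = &fs; b.conn = &c;
    fs.warn = log_warning_req; fs.baton = &r;
    pool_t pool = { NULL, NULL, &r };
    if (install_handler) { pool.pre = cleanup_req_logging; pool.pre_data = &b; }
    pool_destroy(&pool);
    fs.warn(fs.baton, "late FS warning");
    return last_log;
}

int main(void) {
    puts(warn_after_teardown(0));   /* warning still routed to the dead request */
    puts(warn_after_teardown(1));   /* warning routed to the connection */
    return 0;
}
```

In real APR the registration call is apr_pool_pre_cleanup_register(), which runs its callback before the pool's regular cleanups and before its memory is released.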