Package: libapache2-mod-auth-openid
Version: 0.7-0.1
Severity: normal
Tags: upstream patch
Control: forwarded -1
https://lists.butterfat.net/pipermail/mod-auth-openid/2012-October/000121.html
under certain configurations, apache will crash with mod_auth_openid
installed.
The cause of this crash appears to be a segmentation fault when
str_replace is called with an empty string (e.g. when a query
parameter has an empty name or value, and it gets passed to
url_decode() from parse_query_string()).
The attached patch (already forwarded to the upstream mailing list,
visible at the URL above) resolves the problem.
Regards,
--dkg
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 3.2.0-3-686-pae (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
commit ffbe08809bfeef03c922851cc2760bba83d8dca9
Author: Daniel Kahn Gillmor <[email protected]>
Date: Tue Oct 9 17:42:07 2012 -0400
avoid a segfault in str_replace when haystack is the empty string
diff --git a/src/moid_utils.cpp b/src/moid_utils.cpp
index 90a8a4c..4c20a55 100644
--- a/src/moid_utils.cpp
+++ b/src/moid_utils.cpp
@@ -96,9 +96,11 @@ namespace modauthopenid {
string str_replace(string needle, string replacement, string haystack) {
vector<string> v = explode(haystack, needle);
string r = "";
- for(vector<string>::size_type i=0; i < v.size()-1; i++)
- r += v[i] + replacement;
- r += v[v.size()-1];
+ if (v.size()) {
+ for(vector<string>::size_type i=0; i < v.size()-1; i++)
+ r += v[i] + replacement;
+ r += v[v.size()-1];
+ }
return r;
};
