On Thu, Aug 21, 2014 at 11:13 AM, Philip Martin <[email protected]>
wrote:
> If apr_crypto_get_driver fails the returned error contains a pointer to
> a stack buffer and any access to it by the caller is undefined
> behaviour. Patch against trunk (also applies to 1.5 and 1.4):
>
> * crypto/apr_crypto.c
> (apr_crypto_get_driver): Allocate error data from pool.
>
> Index: crypto/apr_crypto.c
> ===================================================================
> --- crypto/apr_crypto.c (revision 1619404)
> +++ crypto/apr_crypto.c (working copy)
> @@ -198,7 +198,7 @@ APR_DECLARE(apr_status_t) apr_crypto_get_driver(
> if (err && buffer) {
> apr_dso_error(dso, buffer, ERROR_SIZE - 1);
> err->msg = buffer;
> - err->reason = modname;
> + err->reason = apr_pstrdup(pool, modname);
> *result = err;
> }
> }
>
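Review bot: the unchanged line `err->msg = buffer;` still stores a pointer whose allocation is not visible in this hunk, so it is worth confirming that `buffer` is allocated from `pool` and lives as long as the new `apr_pstrdup(pool, modname)` copy; if it does not, `err->msg` has the same lifetime problem that this change fixes for `err->reason`. The guard `if (err && buffer)` suggests `buffer` is an allocation that can fail, but the hunk alone does not show which pool it comes from. A one-line comment above the `err->reason` assignment, stating that `modname` is a stack buffer per the description and must be copied, would keep a later cleanup from reverting the duplication.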
Thanks!
Committed to trunk as r1619438, and to the 1.5.x branch as r1619442.
In the extremely unlikely case that someone wishes to make another 1.4.x
release, they would be expected to check newer branches for applicable
fixes.
> --
> Philip Martin | Subversion Committer
> WANdisco // *Non-Stop Data*
>
--
Born in Roswell... married an alien...
http://emptyhammock.com/