The Apache 2 modules in the httpd-ldap sub-project (which should be moved into 'experimental' in my opinion and have standard MSVC++ projects created, etc -- though I have no vote) crash on Windows 2000 in Apache 2.0.40.  [Yes, I'll file a bug as appropriate.]

The issue is use of uninitialized memory in util_ldap_cache_init() [in util_ldap_cache.c].  This routine declares a variable on stack, 'rmm_lock', and passes it to apr_rmm_init() without initializing it.  apr_rmm_init() expects this argument to be initialized and causes a later crash on Windows as a result of finding random gobbledygook in this structure and interpreting it in such a way that does not match the reality of the situation.

My patch (sorry I'm new at this and don't know how to generate proper patches :-(  ) is to no longer declare this variable and pass NULL to apr_rmm_init() in its place -- as apr_rmm_init() can take a NULL for this argument.  This seems to work fine on Windows and Solaris -- though I can't get this module to load on AIX (no, I've not yet tried the original code....)

The lines are (in patch pseudo-syntax):

Lines 293-297:
  apr_status_t util_ldap_cache_init(apr_pool_t *pool, apr_size_t reqsize)
  {
-     apr_anylock_t rmm_lock;

  #if APR_HAS_SHARED_MEMORY
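Review bot: dropping the declaration is only safe if 'rmm_lock' has no remaining uses in util_ldap_cache_init(); this hunk shows only the declaration and the following '#if APR_HAS_SHARED_MEMORY' line, so please confirm the variable is not referenced anywhere else in the function (including any non-shared-memory branch), otherwise the build breaks once the declaration is gone.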
and lines 305-308:
      /* This will create a rmm "handler" to get into the shared memory area */
  -    apr_rmm_init(&util_ldap_rmm, &rmm_lock,
  +    apr_rmm_init(&util_ldap_rmm, NULL,
              (void *)apr_shm_baseaddr_get(util_ldap_shm), reqsize, pool);
  #endif
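Review bot: passing NULL is not quite "the same thing" as passing an initialized lock, so the claim in the accompanying text deserves a second look: a NULL lock argument means apr_rmm_init() is being told no locking is required for the rmm, whereas an initialized 'rmm_lock' would have made the rmm serialize its own block allocations. If the LDAP cache is already guarded by its own lock around every util_ldap_rmm access, say so in a comment next to the call; if it is not, the change trades a deterministic crash for a possible race on the shared memory allocator, and initializing 'rmm_lock' (the alternative you mention) would be the safer fix. Minor: the comment above the call reads "a rmm" where "an rmm" was presumably intended.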
The only alternative that I see is to add a call to initialize 'rmm_lock', but from my brief scan it would appear that passing null is a more efficient way of accomplishing the same thing.

Any comments?

--
Jess Holle
