DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=35862>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=35862

           Summary: Tomcat Connector:JK/AJP: JK Status Worker accesses freed
                    memory for NSAPI plugin
           Product: Tomcat 4
           Version: 4.1.31
          Platform: Sun
        OS/Version: Solaris
            Status: NEW
          Severity: minor
          Priority: P3
         Component: Connector:JK/AJP
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: [EMAIL PROTECTED]


For release 1.2.13 of jakarta-tomcat-connectors:

Problem 1: the NSAPI plugin under <root>/jk/native/netscape/jk_nsapi_plugin.c 
free()s the initial workers map structure, init_map, at the end of the 
jk_init(...) function.  As the jk_status.c worker uses the list of workers stored 
within this structure, when the jk_status worker is used by the NSAPI plugin, 
it attempts to read freed memory.

Problem 2: the NSAPI plugin under <root>/jk/native/netscape/jk_nsapi_plugin.c 
does not use the uri_to_worker map within the jk_worker_env_t structure (as 
this is done inside the Netscape configuration files). However, the jk_status 
worker attempts to access the uw_map attached to the current jk_ws_service 
without a null check, thus causing the jk_status worker to attempt to 
dereference a null pointer.

Attached is a diff output of the changes between the jk_nsapi_plugin.c supplied 
within the jakarta-tomcat-connectors-1.2.13-src package, and a modified version 
of this file which fixes this problem by adding a uri_to_worker map, and having 
a static init_map structure:

---
56,57d55
< static jk_map_t *init_map = NULL;
< static jk_uri_worker_map_t *uw_map = NULL;
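
Review bot: the diff is reversed and in a format that is awkward to apply. The `<` side here carries the new `static jk_map_t *init_map` and `static jk_uri_worker_map_t *uw_map`, so the fixed file was passed as the first argument. Please regenerate it as a unified diff with the original 1.2.13 file first (diff -u original modified) so it applies forward with patch. A comment above these two statics stating which function allocates each one and which one frees it would also help, since their lifetime is the whole point of the fix.
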
89c87
<     init_map = (jk_map_t *)init_d;
---
>     jk_map_t *init_map = (jk_map_t *)init_d;
93,101c91
<         if (uri_worker_map_alloc(&uw_map, NULL, logger)) {
<             uw_map->fname = "";
<             worker_env.uri_to_worker = uw_map;
<             init_on_other_thread_is_ok = JK_TRUE;
<         }
<         else {
<             jk_log(logger, JK_LOG_EMERG,
<                    "In init_workers_on_other_threads, failed");
<         }
---
>         init_on_other_thread_is_ok = JK_TRUE;
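
Review bot: in the else branch, the message "In init_workers_on_other_threads, failed" does not say what failed; name uri_worker_map_alloc in it so this can be told apart from other initialisation failures. In the success branch, uw_map->fname = "" stores a pointer to a string literal; please confirm that uri_worker_map_free, which a later hunk calls on uw_map, never frees or writes through fname, or add a comment saying why the empty name is safe.
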
227a218
>     jk_map_t *init_map;
271a263,264
>
>         jk_map_free(&init_map);
289,292d281
<     if (uw_map) {
<         uri_worker_map_free(&uw_map, logger);
<     }
<
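
Review bot: after uri_worker_map_free(&uw_map, logger), the pointer stored earlier in worker_env.uri_to_worker still refers to the freed map; nothing in the visible lines clears it. Set worker_env.uri_to_worker = NULL alongside the free so the termination path does not recreate, for uw_map, the stale-pointer problem this patch fixes for init_map.
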
297,300d285
<
<     if (init_map) {
<         jk_map_free(&init_map);
<     }
410d394
<     s->uw_map = uw_map;
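
Review bot: s->uw_map = uw_map hands the service whatever the static holds, and that is still NULL if uri_worker_map_alloc failed, while the report says jk_status reads s->uw_map without a null check. Either refuse to service the request when uw_map is NULL, or add the null check in jk_status.c as well, so the status worker does not depend on every plugin supplying a map.
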
--
