packages/httpd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
httpd/backport-Fix-use-after-free-warning-with-gcc-fanalyzer.patch
chengyechun b004824a4f fix CVE-2024-24795,CVE-2023-38709,CVE-2024-27316 and sync some patches from upstream 
(cherry picked from commit 63648433e7db79115f79ef343c7c065bb260cbe6)
2024-05-07 10:29:57 +08:00

75 lines
2.9 KiB
Diff
Raw Permalink Blame History

From 8fe3cc79d1bcb4a20a0c56853d82e85c8a88b8f5 Mon Sep 17 00:00:00 2001
From: Graham Leggett <minfrin@apache.org>
Date: Mon, 20 Nov 2023 13:17:25 +0000
Subject: [PATCH] Backport to v2.4:
*) core: Fix use after free warning with gcc -fanalyzer.
trunk patch: http://svn.apache.org/r1892413
2.4.x patch: https://svn.apache.org/repos/asf/httpd/httpd/patches/2.4.x/httpd-2.4-use-after-free.patch
+1: minfrin, ylavic, jorton
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1913983 13f79535-47bb-0310-9956-ffa450edef68
Conflict:The changelog contains context adaptation and does not contain the STATUS file
Reference:https://github.com/apache/httpd/commit/8fe3cc79d1bcb4a20a0c56853d82e85c8a88b8f5
---
CHANGES | 2 ++
server/mpm_unix.c | 16 ++++++++++------
2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/CHANGES b/CHANGES
index 518b39a..c495da0 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,8 @@
-*- coding: utf-8 -*-
Changes with Apache 2.4.59
+ *) core: Fix use after free warning with gcc -fanalyzer. [Joe Orton]
+
*) mod_ssl: release memory to the OS when needed. [Giovanni Bechis]
Changes with Apache 2.4.58
diff --git a/server/mpm_unix.c b/server/mpm_unix.c
index 8c4d233..ed4555a 100644
--- a/server/mpm_unix.c
+++ b/server/mpm_unix.c
@@ -259,10 +259,12 @@ AP_DECLARE(void) ap_reclaim_child_processes(int terminate,
while (cur_extra) {
ap_generation_t old_gen;
extra_process_t *next = cur_extra->next;
+ pid_t pid = cur_extra->pid;
- if (reclaim_one_pid(cur_extra->pid, action_table[cur_action].action)) {
- if (ap_unregister_extra_mpm_process(cur_extra->pid, &old_gen) == 1) {
- mpm_callback(-1, cur_extra->pid, old_gen);
+ if (reclaim_one_pid(pid, action_table[cur_action].action)) {
+ if (ap_unregister_extra_mpm_process(pid, &old_gen) == 1) {
+ /* cur_extra dangling pointer from here. */
+ mpm_callback(-1, pid, old_gen);
}
else {
AP_DEBUG_ASSERT(1 == 0);
@@ -307,10 +309,12 @@ AP_DECLARE(void) ap_relieve_child_processes(ap_reclaim_callback_fn_t *mpm_callba
while (cur_extra) {
ap_generation_t old_gen;
extra_process_t *next = cur_extra->next;
+ pid_t pid = cur_extra->pid;
- if (reclaim_one_pid(cur_extra->pid, DO_NOTHING)) {
- if (ap_unregister_extra_mpm_process(cur_extra->pid, &old_gen) == 1) {
- mpm_callback(-1, cur_extra->pid, old_gen);
+ if (reclaim_one_pid(pid, DO_NOTHING)) {
+ if (ap_unregister_extra_mpm_process(pid, &old_gen) == 1) {
+ /* cur_extra dangling pointer from here. */
+ mpm_callback(-1, pid, old_gen);
}
else {
AP_DEBUG_ASSERT(1 == 0);
--
2.33.0
Reference in New Issue View Git Blame Copy Permalink