Merge r1442865, r1442759, r1442326, r1442309, r1448171, r1418556, r14…

…48453, r1425771, r1425772, r1425775 from trunk: Change bzero/bcopy into memset/memcpy PR 54346 Can't figure out why we allocate len+2 bytes here. Len+1 should be enough. Fix valgrind warning about uninitialized memory in argument to semctl PR: 53690 Submitted by: Mikhail T. <mi+apache aldan algebra com> fix valgrind warnings about uninitialized memory in syscall arguments This is useful info for mod_status ;) Add some __attribute__ for automatic format checking. Correct one catch in sed0.c. Correct some spelling. Replace strdup by ap_malloc to ensure a proper error message if out-of-memory. While there, only allocate memory for the string part we actually use. PR: 54345 Exit with error message if out of mem htdbm, htpasswd: print error message if out of memory PR: 54345 Submitted by: jailletc36, sf, sf, jim, jailletc36, minfrin, sf, sf, sf Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1455225 13f79535-47bb-0310-9956-ffa450edef68
git-mirror · Mar 11, 2013 · 5106119 · 5106119
1 parent bf208be
commit 5106119
Show file tree

Hide file tree

Showing 16 changed files with 64 additions and 49 deletions.
diff --git a/STATUS b/STATUS
@@ -90,39 +90,11 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-
-  * Set of easy patches to keep 2.4.x in line with trunk
-       1442865: Change bzero/bcopy into memset/memcpy (PR 54346)
-       1442759: Can't figure out why we allocate len+2 bytes here. Len+1 should be enough.
-       1442326: Fix valgrind warning about uninitialized memory in argument to semctl (PR 53690)
-       1442309: fix valgrind warnings about uninitialized memory in syscall arguments
-       1448171: This is useful info for mod_status ;)
-       1418556: Add some __attribute__ for automatic format checking.
-       1448453: Correct some spelling.
-       1425771: Replace strdup by ap_malloc to ensure a proper error message if out-of-memory. (PR 54345)
-       1425772: Exit with error message if out of mem (PR 54345)
-       1425775: htdbm, htpasswd: print error message if out of memory (PR 54345)
-    trunk patches: 
-       http://svn.apache.org/viewvc?view=revision&revision=1442865
-       http://svn.apache.org/viewvc?view=revision&revision=1442759
-       http://svn.apache.org/viewvc?view=revision&revision=1442326
-       http://svn.apache.org/viewvc?view=revision&revision=1442309
-       http://svn.apache.org/viewvc?view=revision&revision=1448171
-       http://svn.apache.org/viewvc?view=revision&revision=1418556
-       http://svn.apache.org/viewvc?view=revision&revision=1448453
-       http://svn.apache.org/viewvc?view=revision&revision=1425771
-       http://svn.apache.org/viewvc?view=revision&revision=1425772
-       http://svn.apache.org/viewvc?view=revision&revision=1425775
-    2.4.x patch: trunk patches apply (minus CHANGES for 1448171)
-    2.4.x cumulative patch: http://people.apache.org/~jailletc36/backport5.patch (minus CHANGES for 1448171)
-    +1: jailletc36, igalic, jim
-
   * mod_cache_disk: fix merge of min/max file size by setting corresponding _set
     trunk patch: http://svn.apache.org/r1453604
     2.4.x patch: trunk patch works
     +1: humbedooh, jim, covener
 
-
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]
 

diff --git a/include/httpd.h b/include/httpd.h
@@ -1388,7 +1388,7 @@ AP_DECLARE(char *) ap_ht_time(apr_pool_t *p, apr_time_t t, const char *fmt, int
    char **) */
 
 /**
- * Get the characters until the first occurance of a specified character
+ * Get the characters until the first occurrence of a specified character
  * @param p The pool to allocate memory from
  * @param line The string to get the characters from
  * @param stop The character to stop at
@@ -1397,7 +1397,7 @@ AP_DECLARE(char *) ap_ht_time(apr_pool_t *p, apr_time_t t, const char *fmt, int
 AP_DECLARE(char *) ap_getword(apr_pool_t *p, const char **line, char stop);
 
 /**
- * Get the characters until the first occurance of a specified character
+ * Get the characters until the first occurrence of a specified character
  * @param p The pool to allocate memory from
  * @param line The string to get the characters from
  * @param stop The character to stop at
@@ -1426,22 +1426,22 @@ AP_DECLARE(char *) ap_getword_white(apr_pool_t *p, const char **line);
 AP_DECLARE(char *) ap_getword_white_nc(apr_pool_t *p, char **line);
 
 /**
- * Get all characters from the first occurance of @a stop to the first "\0"
+ * Get all characters from the first occurrence of @a stop to the first "\0"
  * @param p The pool to allocate memory from
  * @param line The line to traverse
  * @param stop The character to start at
- * @return A copy of all caracters after the first occurance of the specified
+ * @return A copy of all characters after the first occurrence of the specified
  *         character
  */
 AP_DECLARE(char *) ap_getword_nulls(apr_pool_t *p, const char **line,
                                     char stop);
 
 /**
- * Get all characters from the first occurance of @a stop to the first "\0"
+ * Get all characters from the first occurrence of @a stop to the first "\0"
  * @param p The pool to allocate memory from
  * @param line The line to traverse
  * @param stop The character to start at
- * @return A copy of all caracters after the first occurance of the specified
+ * @return A copy of all characters after the first occurrence of the specified
  *         character
  * @note The same as ap_getword_nulls(), except it doesn't use const char **.
  */

diff --git a/include/util_filter.h b/include/util_filter.h
@@ -332,8 +332,8 @@ AP_DECLARE(apr_status_t) ap_pass_brigade(ap_filter_t *filter,
 AP_DECLARE(apr_status_t) ap_pass_brigade_fchk(request_rec *r,
                                               apr_bucket_brigade *bucket,
                                               const char *fmt,
-                                              ...);
-
+                                              ...)
+                                              __attribute__((format(printf,3,4)));
 
 /**
  * This function is used to register an input filter with the system.

diff --git a/modules/filters/regexp.h b/modules/filters/regexp.h
@@ -69,7 +69,8 @@ typedef struct _sed_comp_args {
 
 extern char *sed_compile(sed_commands_t *commands, sed_comp_args *compargs,
                          char *ep, char *endbuf, int seof);
-extern void command_errf(sed_commands_t *commands, const char *fmt, ...);
+extern void command_errf(sed_commands_t *commands, const char *fmt, ...)
+                         __attribute__((format(printf,2,3)));
 
 #define SEDERR_CGMES "command garbled: %s"
 #define SEDERR_SMMES "Space missing before filename: %s"

diff --git a/modules/filters/sed0.c b/modules/filters/sed0.c
@@ -275,7 +275,7 @@ static int fcomp(sed_commands_t *commands, apr_file_t *fin)
         }
 
         if(p > &commands->respace[RESIZE-1]) {
-            command_errf(commands, SEDERR_TMMES);
+            command_errf(commands, SEDERR_TMMES, commands->linebuf);
             return -1;
         }
 

diff --git a/modules/generators/mod_status.c b/modules/generators/mod_status.c
@@ -405,6 +405,8 @@ static int status_handler(request_rec *r)
                   ")</h1>\n\n", NULL);
         ap_rvputs(r, "<dl><dt>Server Version: ",
                   ap_get_server_description(), "</dt>\n", NULL);
+        ap_rvputs(r, "<dt>Server MPM: ",
+                  ap_show_mpm(), "</dt>\n", NULL);
         ap_rvputs(r, "<dt>Server Built: ",
                   ap_get_server_built(), "\n</dt></dl><hr /><dl>\n", NULL);
         ap_rvputs(r, "<dt>Current Time: ",
@@ -953,4 +955,3 @@ AP_DECLARE_MODULE(status) =
     NULL,                       /* command table */
     register_hooks              /* register_hooks */
 };
-
diff --git a/modules/slotmem/mod_slotmem_shm.c b/modules/slotmem/mod_slotmem_shm.c
@@ -91,7 +91,7 @@ static apr_status_t unixd_set_shm_perms(const char *fname)
 {
 #ifdef AP_NEED_SET_MUTEX_PERMS
 #if APR_USE_SHMEM_SHMGET || APR_USE_SHMEM_SHMGET_ANON
-    struct shmid_ds shmbuf;
+    struct shmid_ds shmbuf = { { 0 } };
     key_t shmkey;
     int shmid;
 

diff --git a/os/unix/unixd.c b/os/unix/unixd.c
@@ -241,7 +241,7 @@ AP_DECLARE(apr_status_t) ap_unixd_set_proc_mutex_perms(apr_proc_mutex_t *pmutex)
             };
 #endif
             union semun ick;
-            struct semid_ds buf;
+            struct semid_ds buf = { { 0 } };
 
             apr_os_proc_mutex_get(&ospmutex, pmutex);
             buf.sem_perm.uid = ap_unixd_config.user_id;

diff --git a/server/config.c b/server/config.c
@@ -599,7 +599,8 @@ AP_DECLARE(const char *) ap_add_module(module *m, apr_pool_t *p,
             len -= slen;
         }
 
-        ap_module_short_names[m->module_index] = strdup(sym_name);
+        ap_module_short_names[m->module_index] = ap_malloc(len + 1);
+        memcpy(ap_module_short_names[m->module_index], sym_name, len);
         ap_module_short_names[m->module_index][len] = '\0';
         merger_func_cache[m->module_index] = m->merge_dir_config;
     }
@@ -623,8 +624,9 @@ AP_DECLARE(const char *) ap_add_module(module *m, apr_pool_t *p,
 
     /* We cannot fix the string in-place, because it's const */
     if (m->name[strlen(m->name)-1] == ')') {
-        char *tmp = strdup(m->name); /* FIXME: memory leak, albeit a small one */
-        tmp[strlen(tmp)-1] = '\0';
+        char *tmp = ap_malloc(strlen(m->name)); /* FIXME: memory leak, albeit a small one */
+        memcpy(tmp, m->name, strlen(m->name)-1);
+        tmp[strlen(m->name)-1] = '\0';
         m->name = tmp;
     }
 #endif /*_OSD_POSIX*/

diff --git a/server/util.c b/server/util.c
@@ -752,7 +752,7 @@ AP_DECLARE(char *) ap_getword_nulls(apr_pool_t *atrans, const char **line,
 static char *substring_conf(apr_pool_t *p, const char *start, int len,
                             char quote)
 {
-    char *result = apr_palloc(p, len + 2);
+    char *result = apr_palloc(p, len + 1);
     char *resp = result;
     int i;
 

diff --git a/support/htdbm.c b/support/htdbm.c
@@ -110,6 +110,7 @@ static apr_status_t htdbm_init(apr_pool_t **pool, htdbm_t **hdbm)
 #endif
 
     apr_pool_create( pool, NULL);
+    apr_pool_abort_set(abort_on_oom, *pool);
     apr_file_open_stderr(&errfile, *pool);
     apr_signal(SIGINT, (void (*)(int)) htdbm_interrupted);
 

diff --git a/support/htpasswd.c b/support/htpasswd.c
@@ -274,6 +274,7 @@ int main(int argc, const char * const argv[])
     apr_app_initialize(&argc, &argv, NULL);
     atexit(terminate);
     apr_pool_create(&pool, NULL);
+    apr_pool_abort_set(abort_on_oom, pool);
     apr_file_open_stderr(&errfile, pool);
     ctx.pool = pool;
     ctx.alg = ALG_APMD5;

diff --git a/support/passwd_common.c b/support/passwd_common.c
@@ -46,6 +46,24 @@
 
 apr_file_t *errfile;
 
+int abort_on_oom(int rc)
+{
+    const char *buf = "Error: out of memory\n";
+    int written, count = strlen(buf);
+    do {
+        written = write(STDERR_FILENO, buf, count);
+        if (written == count)
+            break;
+        if (written > 0) {
+            buf += written;
+            count -= written;
+        }
+    } while (written >= 0 || errno == EINTR);
+    abort();
+    /* NOTREACHED */
+    return 0;
+}
+
 static int generate_salt(char *s, size_t size, const char **errstr,
                          apr_pool_t *pool)
 {
@@ -207,6 +225,8 @@ int mkhash(struct passwd_ctx *ctx)
         apr_cpystrn(ctx->out, cbuf, ctx->out_len - 1);
         if (strlen(pw) > 8) {
             char *truncpw = strdup(pw);
+            if (truncpw == NULL)
+                abort_on_oom(0);
             truncpw[8] = '\0';
             if (!strcmp(ctx->out, crypt(truncpw, salt))) {
                 apr_file_printf(errfile, "Warning: Password truncated to 8 "

diff --git a/support/passwd_common.h b/support/passwd_common.h
@@ -84,6 +84,12 @@ struct passwd_ctx {
     } passwd_src;
 };
 
+
+/*
+ * To be used as apr_pool_abort_fn
+ */
+int abort_on_oom(int rc);
+
 /*
  * Write a line to the file. On error, print a message and exit
  */

diff --git a/support/suexec.c b/support/suexec.c
@@ -217,11 +217,15 @@ static void clean_env(void)
 
     if ((cleanenv = (char **) calloc(AP_ENVBUF, sizeof(char *))) == NULL) {
         log_err("failed to malloc memory for environment\n");
-        exit(120);
+        exit(123);
     }
 
     sprintf(pathbuf, "PATH=%s", AP_SAFE_PATH);
     cleanenv[cidx] = strdup(pathbuf);
+    if (cleanenv[cidx] == NULL) {
+        log_err("failed to malloc memory for environment\n");
+        exit(124);
+    }
     cidx++;
 
     for (ep = envp; *ep && cidx < AP_ENVBUF-1; ep++) {
@@ -396,7 +400,10 @@ int main(int argc, char *argv[])
         }
     }
     gid = gr->gr_gid;
-    actual_gname = strdup(gr->gr_name);
+    if ((actual_gname = strdup(gr->gr_name)) == NULL) {
+        log_err("failed to alloc memory\n");
+        exit(125);
+    }
 
 #ifdef _OSD_POSIX
     /*
@@ -431,6 +438,10 @@ int main(int argc, char *argv[])
     uid = pw->pw_uid;
     actual_uname = strdup(pw->pw_name);
     target_homedir = strdup(pw->pw_dir);
+    if (actual_uname == NULL || target_homedir == NULL) {
+        log_err("failed to alloc memory\n");
+        exit(126);
+    }
 
     /*
      * Log the transaction here to be sure we have an open log

diff --git a/test/test_limits.c b/test/test_limits.c
@@ -124,8 +124,8 @@ main(int argc, char *argv[])
         perror("gethostbyname");
         exit(1);
     }
-    bzero(&sin, sizeof(sin));
-    bcopy(he->h_addr, (char *)&sin.sin_addr, he->h_length);
+    memset(&sin, sizeof(sin));
+    memcpy((char *)&sin.sin_addr, he->h_addr, he->h_length);
     sin.sin_family = he->h_addrtype;
     sin.sin_port = htons(port);