| Jim Gallacher (JIRA) 2005-06-01, 5:46 pm |
| [ http://issues.apache.org/jira/brows...HON-58?page=all ]
Jim Gallacher updated MODPYTHON-58:
-----------------------------------
Description:
All of the following calls will cause a segfault when the index is greater than the number of global mutexes available or index < -1.
eg. 32 mutexes created on apache startup
index = 100
_apache._global_lock(req.server, None, index)
_global_unlock(req.server, None, index)
_apache._global_trylock(req.server, None, index)
For all of the corresponding functions in _apachemodule.c, the value of index is not checked before using it to access the contents of the global array of mutex locks.
eg.
rv = apr_global_mutex_lock(glb->g_locks[index]);
I'll attach a patch for all three functions that does this check.
eg.
if ((index >= (glb->nlocks)) || (index < -1)) {
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
"Index %d is out of range for number of global mutex locks", index);
PyErr_SetString(PyExc_ValueError,
"Lock index is out of range for number of global mutex locks");
return NULL;
}
was:
All of the following calls will cause a segfault when the index is greater than the number of global mutexes available or index < -1.
eg. 32 mutexes created on apache startup
index = 100
_apache._global_lock(req.server, None, index)
_global_unlock(req.server, None, index)
_apache._global_trylock(req.server, None, index)
For all of the corresponding functions in _apachemodule.c, the value of index is not checked before using it to access the contents of the global array of mutex locks.
eg.
rv = apr_global_mutex_lock(glb->g_locks[index]);
I'll attach a patch for all three functions that does this check.
eg.
if ((index > (glb->nlocks)) || (index < -1)) {
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
"Index %d is out of range for number of global mutex locks", index);
PyErr_SetString(PyExc_ValueError,
"Lock index is out of range for number of global mutex locks");
return NULL;
}
Stupid off by one error in the example.
> _apache._global_lock results in segfault when index > number of mutexes
> -----------------------------------------------------------------------
>
> Key: MODPYTHON-58
> URL: http://issues.apache.org/jira/browse/MODPYTHON-58
> Project: mod_python
> Type: Bug
> Components: core
> Versions: 3.1.4, 3.1.3, 3.2.0
> Environment: All
> Reporter: Jim Gallacher
> Priority: Minor
> Attachments: apachemodule.c-jg20050601-1.diff
>
> All of the following calls will cause a segfault when the index is greater than the number of global mutexes available or index < -1.
> eg. 32 mutexes created on apache startup
> index = 100
> _apache._global_lock(req.server, None, index)
> _global_unlock(req.server, None, index)
> _apache._global_trylock(req.server, None, index)
> For all of the corresponding functions in _apachemodule.c, the value of index is not checked before using it to access the contents of the global array of mutex locks.
> eg.
> rv = apr_global_mutex_lock(glb->g_locks[index]);
> I'll attach a patch for all three functions that does this check.
> eg.
> if ((index >= (glb->nlocks)) || (index < -1)) {
> ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
> "Index %d is out of range for number of global mutex locks", index);
> PyErr_SetString(PyExc_ValueError,
> "Lock index is out of range for number of global mutex locks");
> return NULL;
> }
|