[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Bug in handle_redirect function in client.c
From: |
Green, Paul |
Subject: |
Bug in handle_redirect function in client.c |
Date: |
Thu, 29 Aug 2013 21:08:55 +0000 |
The cvs client-20 self-test deliberately sets up a negative test that, if it
fails, will never terminate. There is a latent defect in the handle_redirect
function in client.c that can, under some circumstances, lead to the client-20
self-test getting into an infinite loop.
The problem is that the caller of handle_redirect passes in a character string
that has been allocated in the heap, and shortly after handle_redirect returns,
frees this storage. Sadly, handle_redirect can squirrel away a pointer to this
storage. See "get_server_responses", also in client.c
We tripped over this on OpenVOS Release 17.2 because (AFAICT), the storage
allocator does a better job reusing freed storage.
Extracted from client.c, version 1.12.13; the code in the "#ifdef __VOS__"
branch eliminates the reference to soon-to-be-freed storage, and we can now run
the self-tests again.
static void
handle_redirect (char *args, size_t len)
{
static List *redirects = NULL;
TRACE (TRACE_FUNCTION, "handle_redirect (%s)", args);
if (redirects && findnode (redirects, args))
error (1, 0, "`Redirect' loop detected. Server misconfiguration?");
else
{
if (!redirects) redirects = getlist();
#ifdef __VOS__
push_string (redirects, xstrdup (args));
#else
push_string (redirects, args);
#endif
}
Thanks
PG
--
Sr. Technical Consultant, Stratus Technologies Inc.
Office: +1-978-461-7557; Mobile: +1-978-235-2451; Twitter: @stratuspaulg
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- Bug in handle_redirect function in client.c,
Green, Paul <=