Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Evergreen:Maintenance:4666
apache2.openSUSE_13.1_Update
httpd-2.4.x-bnc909715-CVE-2014-8109-mod_lua_han...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File httpd-2.4.x-bnc909715-CVE-2014-8109-mod_lua_handling_of_Require_line.patch of Package apache2.openSUSE_13.1_Update
Index: httpd-2.4.6/modules/lua/mod_lua.c =================================================================== --- httpd-2.4.6.orig/modules/lua/mod_lua.c +++ httpd-2.4.6/modules/lua/mod_lua.c @@ -51,9 +51,13 @@ typedef struct { const char *file_name; const char *function_name; ap_lua_vm_spec *spec; - apr_array_header_t *args; } lua_authz_provider_spec; +typedef struct { + lua_authz_provider_spec *spec; + apr_array_header_t *args; +} lua_authz_provider_func; + apr_hash_t *lua_authz_providers; typedef struct @@ -1582,6 +1586,7 @@ static const char *lua_authz_parse(cmd_p { const char *provider_name; lua_authz_provider_spec *spec; + lua_authz_provider_func *func = apr_pcalloc(cmd->pool, sizeof(lua_authz_provider_func)); apr_pool_userdata_get((void**)&provider_name, AUTHZ_PROVIDER_NAME_NOTE, cmd->temp_pool); @@ -1589,16 +1594,17 @@ static const char *lua_authz_parse(cmd_p spec = apr_hash_get(lua_authz_providers, provider_name, APR_HASH_KEY_STRING); ap_assert(spec != NULL); + func->spec = spec; if (require_line && *require_line) { const char *arg; - spec->args = apr_array_make(cmd->pool, 2, sizeof(const char *)); + func->args = apr_array_make(cmd->pool, 2, sizeof(const char *)); while ((arg = ap_getword_conf(cmd->pool, &require_line)) && *arg) { - APR_ARRAY_PUSH(spec->args, const char *) = arg; + APR_ARRAY_PUSH(func->args, const char *) = arg; } } - *parsed_require_line = spec; + *parsed_require_line = func; return NULL; } @@ -1612,7 +1618,8 @@ static authz_status lua_authz_check(requ &lua_module); const ap_lua_dir_cfg *cfg = ap_get_module_config(r->per_dir_config, &lua_module); - const lua_authz_provider_spec *prov_spec = parsed_require_line; + const lua_authz_provider_func *prov_func = parsed_require_line; + const lua_authz_provider_spec *prov_spec = prov_func->spec; int result; int nargs = 0; @@ -1634,19 +1641,19 @@ static authz_status lua_authz_check(requ return AUTHZ_GENERAL_ERROR; } ap_lua_run_lua_request(L, r); - if (prov_spec->args) { + if (prov_func->args) { int i; - if (!lua_checkstack(L, prov_spec->args->nelts)) { + if (!lua_checkstack(L, prov_func->args->nelts)) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02315) "Error: authz provider %s: too many arguments", prov_spec->name); ap_lua_release_state(L, spec, r); return AUTHZ_GENERAL_ERROR; } - for (i = 0; i < prov_spec->args->nelts; i++) { - const char *arg = APR_ARRAY_IDX(prov_spec->args, i, const char *); + for (i = 0; i < prov_func->args->nelts; i++) { + const char *arg = APR_ARRAY_IDX(prov_func->args, i, const char *); lua_pushstring(L, arg); } - nargs = prov_spec->args->nelts; + nargs = prov_func->args->nelts; } if (lua_pcall(L, 1 + nargs, 1, 0)) { const char *err = lua_tostring(L, -1);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor