[packages/apache] Rel 2; fixes segfaults with itk mpm - https://bz.apache.org/bugzilla/show_bug.cgi?id=65627

Wed Oct 13 16:52:05 CEST 2021

commit 4d3d9679a50f110daf36626239ce2a2b92659f77
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date:   Wed Oct 13 14:51:31 2021 +0000

    Rel 2; fixes segfaults with itk mpm - https://bz.apache.org/bugzilla/show_bug.cgi?id=65627

 bug-65627.patch | 65 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 65 insertions(+)
---

diff --git a/bug-65627.patch b/bug-65627.patch
new file mode 100644
index 0000000..0afb08e
--- /dev/null
+++ b/bug-65627.patch
@@ -0,0 +1,65 @@
+commit 59b7c104ce06c90be20ff50435d912a444341245
+Author: Yann Ylavic <ylavic at apache.org>
+Date:   Tue Oct 12 16:48:18 2021 +0000
+
+    *) core: Be safe with ap_lingering_close() called with a socket NULL-ed.
+    
+    PR 65627.
+    
+    mod_itk seems to:
+      ap_set_core_module_config(c->conn_config, NULL)
+    before calling ap_lingering_close(), causing a crash after r1891721.
+    Until we have an API to no-op ap_lingering_close(), let's be safe.
+    
+    * server/connection.c(ap_start_lingering_close):
+      The socket should not be NULL here, add an assertion.
+    
+    * server/connection.c(ap_lingering_close):
+      Set c->aborted if the socket is NULL, and give up.
+    
+    Submitted by: acmondor <bz.apache.org acmondor.ca>, ylavic
+    
+    
+    
+    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1894171 13f79535-47bb-0310-9956-ffa450edef68
+
+diff --git a/changes-entries/ap_lingering_close-NULL.txt b/changes-entries/ap_lingering_close-NULL.txt
+new file mode 100644
+index 0000000000..43cc6930b5
+--- /dev/null
++++ b/changes-entries/ap_lingering_close-NULL.txt
+@@ -0,0 +1,3 @@
++  *) core: Be safe with ap_lingering_close() called with a socket NULL-ed by
++     a third-party module.  PR 65627.
++     [acmondor <bz.apache.org acmondor.ca>, Yann Ylavic]
+diff --git a/server/connection.c b/server/connection.c
+index f89ac553c6..a7a51cf741 100644
+--- a/server/connection.c
++++ b/server/connection.c
+@@ -145,9 +145,7 @@ AP_DECLARE(int) ap_start_lingering_close(conn_rec *c)
+ {
+     apr_socket_t *csd = ap_get_conn_socket(c);
+ 
+-    if (!csd) {
+-        return 1;
+-    }
++    ap_assert(csd != NULL);
+ 
+     if (ap_prep_lingering_close(c)) {
+         return 1;
+@@ -178,6 +176,15 @@ AP_DECLARE(void) ap_lingering_close(conn_rec *c)
+     apr_time_t now, timeup = 0;
+     apr_socket_t *csd = ap_get_conn_socket(c);
+ 
++    if (!csd) {
++        /* Be safe with third-party modules that:
++         *   ap_set_core_module_config(c->conn_config, NULL)
++         * to no-op ap_lingering_close().
++         */
++        c->aborted = 1;
++        return;
++    }
++
+     if (ap_start_lingering_close(c)) {
+         apr_socket_close(csd);
+         return;
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/apache.git/commitdiff/4d3d9679a50f110daf36626239ce2a2b92659f77

