author | Reyk Floeter <reyk@cvs.openbsd.org> | 2015-09-07 14:46:25 +0000 |
---|---|---|
committer | Reyk Floeter <reyk@cvs.openbsd.org> | 2015-09-07 14:46:25 +0000 |
commit | ecae506473d694bd6843d2cbcf878e052a404204 (patch) | |
tree | 18b0f2f17552e9bf48f3bddb3348261fec18ee83 /usr.sbin/httpd | |
parent | 6b7d0662f1058d688df3a26190f457490da37541 (diff) |
Fix a regression that was introduced with server.c r1.64: Do NOT free
srv_conf->auth in serverconfig_free() because it was not allocated in
config_getserver() but assigned as a reference by id from a global
list that is maintained independently. This fixes a potential
double-free. This fix also makes srv_conf->auth "const" to emphasize
that the read-only auth pointer was not allocated here.
OK jsing@
Diffstat (limited to 'usr.sbin/httpd')
-rw-r--r-- | usr.sbin/httpd/httpd.h | 4 | ||||
-rw-r--r-- | usr.sbin/httpd/server.c | 3 | ||||
-rw-r--r-- | usr.sbin/httpd/server_http.c | 4 |
3 files changed, 5 insertions, 6 deletions
diff --git a/usr.sbin/httpd/httpd.h b/usr.sbin/httpd/httpd.h
index f1c60905556..41d100c7176 100644
--- a/usr.sbin/httpd/httpd.h
+++ b/usr.sbin/httpd/httpd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: httpd.h,v 1.97 2015/08/20 13:00:23 reyk Exp $ */
+/* $OpenBSD: httpd.h,v 1.98 2015/09/07 14:46:24 reyk Exp $ */
 /*
 * Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org>
@@ -454,7 +454,7 @@ struct server_config {
 char auth_realm[NAME_MAX];
 uint32_t auth_id;
- struct auth *auth;
+ const struct auth *auth;
 int return_code;
 char *return_uri;
diff --git a/usr.sbin/httpd/server.c b/usr.sbin/httpd/server.c
index 21593bf347f..986250ae8ac 100644
--- a/usr.sbin/httpd/server.c
+++ b/usr.sbin/httpd/server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: server.c,v 1.75 2015/08/20 13:00:23 reyk Exp $ */
+/* $OpenBSD: server.c,v 1.76 2015/09/07 14:46:24 reyk Exp $ */
 /*
 * Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org>
@@ -313,7 +313,6 @@ server_purge(struct server *srv)
 void
 serverconfig_free(struct server_config *srv_conf)
 {
- free(srv_conf->auth);
 free(srv_conf->return_uri);
 free(srv_conf->tls_cert_file);
 free(srv_conf->tls_key_file);
diff --git a/usr.sbin/httpd/server_http.c b/usr.sbin/httpd/server_http.c
index 8ed98b56583..f64c892b9c8 100644
--- a/usr.sbin/httpd/server_http.c
+++ b/usr.sbin/httpd/server_http.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: server_http.c,v 1.98 2015/08/21 07:30:50 reyk Exp $ */
+/* $OpenBSD: server_http.c,v 1.99 2015/09/07 14:46:24 reyk Exp $ */
 /*
 * Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org>
@@ -134,7 +134,7 @@ server_http_authenticate(struct server_config *srv_conf, struct client *clt)
 char decoded[1024];
 FILE *fp = NULL;
 struct http_descriptor *desc = clt->clt_descreq;
- struct auth *auth = srv_conf->auth;
+ const struct auth *auth = srv_conf->auth;
 struct kv *ba, key;
 size_t linesize = 0;
 ssize_t linelen; |
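Review bot: The `auth` member of struct server_config (second httpd.h hunk) now relies on `const` alone to signal that the pointer is borrowed, and nothing at the declaration says who owns the object or why serverconfig_free() must leave it alone. A comment on the member, for example `/* borrowed from the global auth list, looked up by auth_id; never freed through srv_conf */`, would make it harder for the removed `free()` to be reintroduced later. The lifetime of the list entry relative to the server_config is not visible in this diff; if entries can be removed from that list while a config still holds the pointer, it would dangle, so that path is worth checking. The same borrowed pointer is copied into the local `auth` in the server_http.c hunk, and the struct and both function bodies continue outside the hunks.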