freebsd-ports/www/mod_dav/files/patch-dav_fs_lock.c
Clement Laforet b2fdfc4659 - backport security fix from apache2.
*) SECURITY: CAN-2004-0809 (cve.mitre.org)
     mod_dav_fs: Fix a segfault in the handling of an indirect lock
     refresh.  PR 31183.  [Joe Orton]

Requested by:   nectar
Approved by:    portmgr (marcus)
2004-09-15 20:07:02 +00:00


--- dav_fs_lock.c.orig Sat Dec 2 00:32:23 2000
+++ dav_fs_lock.c Wed Sep 15 21:50:09 2004
@@ -77,7 +77,7 @@
** INDIRECT LOCK: [char (DAV_LOCK_INDIRECT),
** uuid_t locktoken,
** time_t expires,
-** int key_size,
+** size_t key_size,
** char[] key]
** The key is to the collection lock that resulted in this indirect lock
*/
@@ -166,7 +166,7 @@
/* Stored indirect lock info - lock token and dav_datum */
#define dav_size_indirect(a) (1 + sizeof(uuid_t) \
+ sizeof(time_t) \
- + sizeof(int) + (a)->key.dsize)
+ + sizeof((a)->key.dsize) + (a)->key.dsize)
/*
** The lockdb structure.
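Review bot: The layout comment in the first hunk now hard-codes `size_t key_size`, while `dav_size_indirect` takes the width from `sizeof((a)->key.dsize)`; if `dsize` is not a `size_t` with every DBM backend this module builds against (not visible here), the comment is wrong on those builds, so I would word it as `** (type of key.dsize) key_size,`. The code that stores and loads the key length is outside this patch and should copy exactly `sizeof((a)->key.dsize)` bytes, otherwise the size computed by the macro and the bytes actually written disagree. If that code previously used `sizeof(int)`, records written before the change would be read at different offsets on platforms where the two widths differ, which deserves a line in the port's upgrade notes.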
@@ -1456,13 +1456,13 @@
}
if (dav_fs_do_refresh(dp_scan, ltl, new_time)) {
/* the lock was refreshed. return the lock. */
- newlock = dav_fs_alloc_lock(lockdb, ip->key, dp->locktoken);
+ newlock = dav_fs_alloc_lock(lockdb, ip->key, dp_scan->locktoken);
newlock->is_locknull = !resource->exists;
- newlock->scope = dp->f.scope;
- newlock->type = dp->f.type;
- newlock->depth = dp->f.depth;
- newlock->timeout = dp->f.timeout;
- newlock->owner = dp->owner;
+ newlock->scope = dp_scan->f.scope;
+ newlock->type = dp_scan->f.type;
+ newlock->depth = dp_scan->f.depth;
+ newlock->timeout = dp_scan->f.timeout;
+ newlock->owner = dp_scan->owner;
newlock->auth_user = dp_scan->auth_user;
newlock->next = *locks;
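Review bot: Nothing at this site records why the lock fields must come from `dp_scan`, so a later cleanup could reintroduce `dp` here. The commit message ties the crash to an indirect lock refresh and the call passes `ip->key`, so presumably `dp` does not point at a valid direct record on this path; a comment above the `dav_fs_alloc_lock` call such as `/* indirect refresh: dp may be unset here, take every field from dp_scan */` would pin that down. The enclosing function starts and ends outside the hunk, so the exact state of `dp` at this point should be confirmed against the full source. A regression test that refreshes a lock through an indirect record would keep the fix covered.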