Skip to content

Commit 228a45d

Browse files
author
Jan Kaluža
committed
* mod_authn_dbd: apr_pstrdup dbd_password and dbd_hash to fix use-after-free
bug with postgresql git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1663647 13f79535-47bb-0310-9956-ffa450edef68
1 parent cf8b870 commit 228a45d

1 file changed

Lines changed: 4 additions & 2 deletions

File tree

modules/aaa/mod_authn_dbd.c

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -174,7 +174,8 @@ static authn_status authn_dbd_password(request_rec *r, const char *user,
174174
i++;
175175
}
176176
#endif
177-
dbd_password = apr_dbd_get_entry(dbd->driver, row, 0);
177+
dbd_password = apr_pstrdup(r->pool,
178+
apr_dbd_get_entry(dbd->driver, row, 0));
178179
}
179180
/* we can't break out here or row won't get cleaned up */
180181
}
@@ -269,7 +270,8 @@ static authn_status authn_dbd_realm(request_rec *r, const char *user,
269270
i++;
270271
}
271272
#endif
272-
dbd_hash = apr_dbd_get_entry(dbd->driver, row, 0);
273+
dbd_hash = apr_pstrdup(r->pool,
274+
apr_dbd_get_entry(dbd->driver, row, 0));
273275
}
274276
/* we can't break out here or row won't get cleaned up */
275277
}

0 commit comments

Comments
 (0)