Commit 9d0b07d4 authored by Greg Stein's avatar Greg Stein
Browse files

Fix a problem found by Ryan when deleting collections, which triggered an 

underlying (broad) bug. dav_add_response() was assuming the walk params were
a dav_walker_ctx. During the walker cleanup in Nov00, that assumption was
removed, so response errors that occurred in the cleaned sections (such as
dav_fs_delete_resource) could trigger a segfault.

Solution: add a pool to dav_walk_resource and alter dav_add_response to use
that, rather than assume the ctx is a dav_walker_ctx.

[ note there is also a pool in dav_walk_resource.resource, but that pool is
  associated with the *resource* rather than the process of walking, so we
  introduced another field. currently they are the same, however. ]

Found by: Ryan Bloom


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@87670 13f79535-47bb-0310-9956-ffa450edef68
parent 0f594500

modules/dav/fs/repos.c

+1 −0
Original line number Diff line number Diff line
@@ -1597,6 +1597,7 @@ static dav_error * dav_fs_internal_walk(const dav_walk_params *params, 


    fsctx.params = params;

    fsctx.wres.walk_ctx = params->walk_ctx;

    fsctx.wres.pool = params->pool;



    /* ### zero out versioned, working, baselined? */

modules/dav/main/mod_dav.c

+2 −3
Original line number Diff line number Diff line
@@ -1137,12 +1137,11 @@ static int dav_method_put(request_rec *r) 
DAV_DECLARE(void) dav_add_response(dav_walk_resource *wres,

                                   int status, dav_get_props_result *propstats)

{

    dav_walker_ctx *ctx = wres->walk_ctx;

    dav_response *resp;



    /* just drop some data into an dav_response */

    resp = apr_pcalloc(ctx->w.pool, sizeof(*resp));

    resp->href = apr_pstrdup(ctx->w.pool, wres->resource->uri);

    resp = apr_pcalloc(wres->pool, sizeof(*resp));

    resp->href = apr_pstrdup(wres->pool, wres->resource->uri);

    resp->status = status;

    if (propstats) {

	resp->propresult = *propstats;

modules/dav/main/mod_dav.h

+3 −0
Original line number Diff line number Diff line
@@ -1436,6 +1436,9 @@ typedef struct 
    /* the client-provided context */

    void *walk_ctx;



    /* pool to use for allocations in the callback */

    apr_pool_t *pool;



    /* the current resource */

    const dav_resource *resource;