Commit f4e86477 authored by William A. Rowe Jr

mod_dav: When a PROPPATCH attempts to remove a non-existent dead

property on a resource for which there is no dead property in the same
namespace httpd segfaults. 

PR: 52559
Backports: r1476642
Submitted by: Diego Santa Cruz <diego.santaCruz spinetix.com>
Reviewed by: minfrin, wrowe, rjung




git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1497455 13f79535-47bb-0310-9956-ffa450edef68
parent f7585544
+5 −0
@@ -46,6 +46,11 @@ Changes with Apache 2.2.25
     result in a 412 Precondition Failed. PR54610 [Timothy Wood
     <tjw omnigroup.com>]

  *) mod_dav: When a PROPPATCH attempts to remove a non-existent dead
     property on a resource for which there is no dead property in the same
     namespace httpd segfaults. PR 52559 [Diego Santa Cruz
     <diego.santaCruz spinetix.com>]

Changes with Apache 2.2.24

  *) SECURITY: CVE-2012-3499 (cve.mitre.org)
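
Review bot: The new CHANGES entry under "Changes with Apache 2.2.25" states the failure ("httpd segfaults") rather than the change, so someone reading the release notes cannot tell from it that the crash is now fixed. Suggest leading with the fix, for example "mod_dav: Fix segfault when a PROPPATCH attempts to remove a non-existent dead property ...". The PR reference style also differs from the entry directly above ("PR54610" there, "PR 52559" here); pick one form.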
+0 −9
@@ -96,15 +96,6 @@ RELEASE SHOWSTOPPERS:
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
  [ start all new proposals below, under PATCHES PROPOSED. ]
  
  * mod_dav: When a PROPPATCH attempts to remove a non-existent dead
    property on a resource for which there is no dead property in the same
    namespace httpd segfaults. PR 52559
    [Diego Santa Cruz <diego.santaCruz spinetix.com>]
    trunk patch: http://svn.apache.org/r1476642
    2.4.x patch: http://svn.apache.org/r1486458
    2.2.x patch: trunk patch works (minus CHANGES)
    +1: minfrin, wrowe, rjung

  * mod_dav: Do not fail PROPPATCH when prop namespace is not known. PR 52559
    [Diego Santa Cruz <diego.santaCruz spinetix.com>]
    trunk patch: http://svn.apache.org/r1476644
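
Review bot: The entry removed from STATUS and the one left directly below it ("Do not fail PROPPATCH when prop namespace is not known", r1476644) both cite PR 52559, so this backport covers only part of that report. Suggest saying so in the commit message or the PR, so the report is not treated as fully resolved on 2.2.x once r1476642 lands.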
+4 −0
@@ -729,6 +729,10 @@ static dav_error * dav_propdb_get_rollback(dav_db *db,
static dav_error * dav_propdb_apply_rollback(dav_db *db,
                                             dav_deadprop_rollback *rollback)
{
    if (!rollback) {
        return NULL; /* no rollback, nothing to do */
    }

    if (rollback->value.dptr == NULL) {
        /* don't fail if the thing isn't really there. */
        (void) dav_dbm_delete(db, rollback->key);
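
Review bot: The guard added at the top of dav_propdb_apply_rollback returns NULL, which is success, for a NULL rollback, but its comment ("no rollback, nothing to do") does not say when a NULL rollback is a legitimate input. The statement that follows dereferences rollback->value.dptr, so the comment should name the case from the commit message (PROPPATCH removing a non-existent dead property when the resource has no dead property in that namespace). The function that produces the rollback record should also document that it may leave it NULL, so that other consumers of dav_deadprop_rollback check for NULL too. A regression test that issues such a PROPPATCH remove and expects a normal response would keep this from recurring.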