Security: Apache mod code review
Bug #457442 reported by
root
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
psiphon |
Confirmed
|
Unknown
|
Unassigned |
Bug Description
* Run Static analysis tools to identify buffer overflows, memory leaks, thread deadlocks, etc.
* E.g, Coverity
Changed in psiphon: | |
status: | In Progress → New |
Changed in psiphon: | |
status: | New → Confirmed |
visibility: | private → public |
tags: | added: category3 |
To post a comment you must log in.
Here's a quick, first cut using a basic tool, cppcheck. Also see the item at the bottom which is from compiler warnings.
No frees on return, so this does look like a memory leak. What's sizeof(*tm), shouldn't it be sizeof(struct tm)? Wait, why is there am allocation here at all? It looks like the pointer to the allocated memory is overwritten ("tm = gmtime(&t)") and the allocated memory is never referenced.. Also, should use thread-safe gtime_r (http:// www.opengroup. org/onlinepubs/ 009695399/ functions/ gmtime. html).
if (!dconf->need_dbtc) {
dbtc_ log("dbtc( ): no need dbtc");
return DECLINED;
};
if (r->main != NULL) /*no subrequests*/
dbtc_ log("dbtc( ): not a main request");
return DECLINED;
tstr = apr_psprintf( r->pool, "%d", t);
{
}
tm = gmtime(&t);
t = mktime(tm);
int test_hook( request_ rec *r) {
struct_ test_dir_ config *dconf;
char body[MAX_BODY];
const char *result;
// const char *body = "here is line\r\nhere IS digits: 12345\r\nqqqq\n";
if (!dconf->enable) {
jsf_log( "test_hook( ): don't need test");
return DECLINED;
};
...