Bug 31183 - LOCK refresh request crashes server
Summary: LOCK refresh request crashes server
Status: CLOSED FIXED
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_dav (show other bugs)
Version: 2.0.51
Hardware: PC Linux
: P3 major (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL: 211.115.204.8
Keywords:
Depends on:
Blocks:
 
Reported: 2004-09-12 17:33 UTC by Julian Reschke
Modified: 2007-09-17 23:34 UTC (History)
0 users



Attachments
test case (needs JScript/Windows; but can easily rewritten for other environments) (2.93 KB, text/plain)
2004-09-12 17:36 UTC, Julian Reschke
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Julian Reschke 2004-09-12 17:33:14 UTC
Sending a LOCK refresh request to an indirectly locked resource crashes the server.

Steps to reproduce:

MKCOL x

PUT x/y

LOCK x

try to refresh the lock through x/y, so

LOCK x/y


(Test case will be attached separately).
Comment 1 Julian Reschke 2004-09-12 17:36:23 UTC
Created attachment 12710 [details]
test case (needs JScript/Windows; but can easily rewritten for other environments)
Comment 2 Joe Orton 2004-09-12 20:06:46 UTC
Is it crashing using all three If headers formats? I couldn't reproduce from a
quick test here (on Unix).  Can you get a backtrace out of the server?
Comment 3 Julian Reschke 2004-09-12 20:11:35 UTC
Yes, all of them, it seems.

How do I get the backtrace?
Comment 4 Joe Orton 2004-09-12 20:25:09 UTC
Never mind, I've reproduced it.  

It's a NULL pointer dereference in fs/lock.c:

	    /* the lock was refreshed. return the lock. */
	    newlock = dav_fs_alloc_lock(lockdb, ip->key, dp->locktoken);
	    newlock->is_locknull = !resource->exists;

dp is NULL at time of invocation.
Comment 5 Joe Orton 2004-09-12 22:28:24 UTC
Thanks for the report, Julian.  This is what I committed:

http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/dav/fs/lock.c?r1=1.32&r2=1.33

if you could re-run your tests with that patch applied that would be great.  It
passes the litmus test I added.
Comment 6 Joe Orton 2004-09-21 08:50:01 UTC
This is fixed in 2.0.51, thanks again.
Comment 7 CELL 2007-09-17 23:34:57 UTC
(In reply to comment #0)
> Sending a LOCK refresh request to an indirectly locked resource crashes the 
server.
> Steps to reproduce:
> MKCOL x
> PUT x/y
> LOCK x
> try to refresh the lock through x/y, so
> LOCK x/y
> (Test case will be attached separately).