For release 1.2.13 of jakarta-tomcat-connectors:

Problem 1: the NSAPI plugin under <root>/jk/native/netscape/jk_nsapi_plugin.c frees() the initial workers map structure, init_map, at the end of the jk_init (...) function. As the jk_status.c worker uses the list of workers stored within this structure, when the jk_status worker is used by the NSAPI plugin, it attempts to read freed memory.

Problem 2: the NSAPI plugin under <root>/jk/native/netscape/jk_nsapi_plugin.c does not use the uri_to_worker map within the jk_worker_env_t structure (as this is done inside the netscape configuration files), however, the jk_status worker attempts to access the (uw_map) attached to the current jk_ws_service without a null check, thus causing the jk_status worker to attempt to dereference a null pointer.

Attached is a diff output of the changes between the jk_nsapi_plugin.c supplied within the jakarta-tomcat-connectors-1.2.13-src package, and a modified version of this file which fixes this problem by adding a uri_to_worker map, and having a static init_map structure:

--- 56,57d55 < static jk_map_t *init_map = NULL; < static jk_uri_worker_map_t *uw_map = NULL; 89c87 < init_map = (jk_map_t *)init_d; --- > jk_map_t *init_map = (jk_map_t *)init_d; 93,101c91 < if (uri_worker_map_alloc(&uw_map, NULL, logger)) { < uw_map->fname = ""; < worker_env.uri_to_worker = uw_map; < init_on_other_thread_is_ok = JK_TRUE; < } < else { < jk_log(logger, JK_LOG_EMERG, < "In init_workers_on_other_threads, failed"); < } --- > init_on_other_thread_is_ok = JK_TRUE; 227a218 > jk_map_t *init_map; 271a263,264 > > jk_map_free(&init_map); 289,292d281 < if (uw_map) { < uri_worker_map_free(&uw_map, logger); < } < 297,300d285 < < if (init_map) { < jk_map_free(&init_map); < } 410d394 < s->uw_map = uw_map; --
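Review bot: the diff runs from the patched file to the original, so it would have to be applied in reverse. The fix itself (the static init_map and uw_map declarations at 56,57d55, the uri_worker_map_alloc block at 93,101c91) sits on the `<` side, while the `>` side carries the early jk_map_free(&init_map) at 271a263,264 that Problem 1 describes. A unified diff from original to patched, with file headers, would be easier to review and apply. The change also addresses Problem 2 only from the plugin side by setting s->uw_map (410d394); the unchecked dereference in the jk_status worker is not touched by any line here, so a null check there would still be worth adding for any caller that leaves uw_map unset.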
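Review bot: in the 93,101c91 block, the failure branch logs only "In init_workers_on_other_threads, failed", which does not name uri_worker_map_alloc as the call that failed; say so in the message. The same block assigns the literal "" to uw_map->fname without explanation, so a short comment stating that the NSAPI plugin has no URI map file (mappings live in the netscape configuration, per the description) would help the next reader. It is also worth confirming that leaving init_on_other_thread_is_ok unset on that branch is the intended way to report the failure to jk_init.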
Created attachment 15776: patched jk_nsapi_plugin.c
Patch committed and will be included in jk 1.2.16 onwards. Thanks for the patch.