46421 – module mod_authz_dbd - doesn't work when multiple groups are returned

Bug 46421 - module mod_authz_dbd - doesn't work when multiple groups are returned

Summary: module mod_authz_dbd - doesn't work when multiple groups are returned

Status:	RESOLVED FIXED

Alias:	None

Product:	Apache httpd-2
Classification:	Unclassified
Component:	Core (show other bugs)
Version:	2.4-HEAD
Hardware:	All Windows XP

Importance:	P2 major (vote)
Target Milestone:	---
Assignee:	Apache HTTPD Bugs Mailing List

URL:
Keywords:	FixedInTrunk

Duplicates (1):	58246 (view as bug list)
Depends on:
Blocks:

Reported:	2008-12-19 14:28 UTC by SteveW
Modified:	2015-08-17 10:13 UTC (History)
CC List:	2 users (show)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description SteveW 2008-12-19 14:28:16 UTC

When the query returns multiple groups, the function authz_dbd_group_query() returns the array containing pointers to the right number of groups, but all point the same string, the last group (entry) returned.

W/in the for loop I changed the if statement to this:

if (rv == 0) {
   group = apr_array_push(groups);
   *tstring = apr_dbd_get_entry(dbd->driver, row, 0);
   *group = apr_pcalloc(r->pool, strlen(*srwstring) + 1);
   strcpy(*group, *srwstring);
   *group = apr_dbd_get_entry(dbd->driver, row, 0);
}

Now the returned array (groups) contains an array of strings, each of which are at a newly allocated address.  This solved the problem in my usage with apache 2.2.10.  The function authz_dbd-group_query() didn't change in this area in the latest trunk copy in svn (to date).

Thanks much,
   -Steve

Comment 1 SteveW 2008-12-19 14:30:34 UTC

I see a couple typos in my submission.  The code should read:

if (rv == 0) {
   group = apr_array_push(groups);
   *tstring = apr_dbd_get_entry(dbd->driver, row, 0);
   *group = apr_pcalloc(r->pool, strlen(*tstring) + 1);
   strcpy(*group, *tstring);
   *group = apr_dbd_get_entry(dbd->driver, row, 0);
}

Comment 2 Nick Kew 2008-12-20 14:08:01 UTC

Which dbd driver are you using?

Looking at current practice, most of them allocate memory in apr_dbd_get_entry and won't (or shouldn't) exhibit this bug.  We need to ensure consistent practice there before patching httpd.

Comment 3 SteveW 2008-12-22 08:06:59 UTC

Ok, what I finally ended up with (after applying this change directly to the original modules) is this:

char *tstring;

            if (rv == 0) {
                group = apr_array_push(groups);
                tstring = apr_dbd_get_entry(dbd->driver, row, 0);
                *group = apr_pcalloc(r->pool, strlen(tstring) + 1);
                strcpy(*group, tstring);
            }

I'm using the mysql driver and have not tried this against any other.


Interesting that the mysql driver might be reusing the same location to return each group but others are not.

Comment 4 Nick Kew 2010-07-19 20:12:08 UTC

This is confusing: the mysql driver returns memory from what appears to be an array returned by mysql, so doesn't look as if it should need copying.  Anyway, I've just fixed mysql trunk to copy it.  If noone shouts I can backport.

Comment 5 Yann Ylavic 2015-05-13 11:49:28 UTC

Extended patch committed in r1663647 + r1679181 + r1679182.
Backport to 2.4.x proposed in r1679183.

(See https://www.mail-archive.com/dev@httpd.apache.org/msg61895.html for details).

Comment 6 Yann Ylavic 2015-05-13 12:21:09 UTC

mod_authz_dbd is 2.4.x only...

Comment 7 Christophe JAILLET 2015-06-27 07:14:37 UTC

This is part of the (unreleased) 2.4.13
backport in r1681107

Comment 8 John Fawcett 2015-08-17 10:13:21 UTC

*** Bug 58246 has been marked as a duplicate of this bug. ***