Hello. I am recheck httpd-trunk 2.5.0 and find few issues. I am use PVS-Studio Static Code Analyzer http://www.viva64.com/ Suspicious: V528 It is odd that pointer to 'char' type is compared with the '\0' value. Probably meant: ** ctx->re_source == '\0'. libhttpd util_expr_eval.c 167 V528: http://www.viva64.com/en/d/0117/ typedef struct { .... const char **re_source; .... } ap_expr_eval_ctx_t; static const char *ap_expr_eval_re_backref(ap_expr_eval_ctx_t *ctx, unsigned int n) { int len; if (!ctx->re_pmatch || !ctx->re_source || *ctx->re_source == '\0' || ctx->re_nmatch < n + 1) return ""; .... } ------------------------------------------------------------------------------- V597 The compiler could delete the 'memset' function call, which is used to flush 'x' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. apr apr_md4.c 362 V597: http://www.viva64.com/en/d/0208/ static void MD4Transform(apr_uint32_t state[4], const unsigned char block[64]) { apr_uint32_t a = state[0], b = state[1], c = state[2], d = state[3], x[APR_MD4_DIGESTSIZE]; .... /* Zeroize sensitive information. */ memset(x, 0, sizeof(x)); } V597 The compiler could delete the 'memset' function call, which is used to flush 'tmpbuf' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. apr apr_md5.c 436 V597 The compiler could delete the 'memset' function call, which is used to flush 'final' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. apr apr_md5.c 662 V597 The compiler could delete the 'memset' function call, which is used to flush 'tmpbuf' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. aprutil apr_md5.c 436 V597 The compiler could delete the 'memset' function call, which is used to flush 'final' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. aprutil apr_md5.c 662 V597 The compiler could delete the 'memset' function call, which is used to flush 'x' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. aprutil apr_md4.c 362 V597 The compiler could delete the 'memset' function call, which is used to flush 'buf' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. htdbm passwd_common.c 165 ------------------------------------------------------------------------------- V614 Potentially uninitialized pointer 'wch' used. apr start.c 58 V614: http://www.viva64.com/en/d/0230/ static int warrsztoastr(const char * const * *retarr, const wchar_t * arrsz, int args) { const apr_wchar_t *wch; .... if (args < 0) { for (args = 1, wch = arrsz; wch[0] || wch[1]; ++wch) if (!*wch) ++args; } wsize = 1 + wch - arrsz; .... } ------------------------------------------------------------------------------- V654 The condition 'retry < 2' of loop is always true. mod_proxy_wstunnel mod_proxy_wstunnel.c 436 V654: http://www.viva64.com/en/d/0275/ static int proxy_wstunnel_handler(....) { int retry; .... retry = 0; while (retry < 2) { char *locurl = url; .... // Variable 'retry' is not used .... } .... } ---- Best regards, Andrey Karpov Ph.D. in Mathematics, CTO OOO "Program Verification Systems" (Co Ltd) URL: www.viva64.com E-Mail: karpov@viva64.com
1) Fixed in r1812307 2) I've sent a patch for it. See r1832415, even if the patch is not a perfect solution. apr_crypto_memzero() should be available in all cases, IMHO. I leave the other location as-is for now, waiting to see if it can be used more widely, without some #if 3) Fixed in r1832203 4) Fixed in r1729507 I change the product from apache to apr for the remaining memset vs apr_crypto_memzero issues of point 2)