[Bug 64728] New: NPD bug caused by function dav_get_liveprop_info

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

[Bug 64728] New: NPD bug caused by function dav_get_liveprop_info

Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=64728

            Bug ID: 64728
           Summary: NPD bug caused by function dav_get_liveprop_info
           Product: Apache httpd-2
           Version: 2.4-HEAD
          Hardware: PC
                OS: Mac OS X 10.1
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_dav
          Assignee: [hidden email]
          Reporter: [hidden email]
                CC: [hidden email]
  Target Milestone: ---

Created attachment 37442
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=37442&action=edit
Clear explanation of bug trace

Hi guys,

We have found a NULL Pointer Dereference Bug as follows.

Bug description: `dav_fs_insert_prop` dereferences `info` at line 2000 in the
form `info->name`, while `info` can be null.

Root cause: Although it is claimed that info is not equal to NULL in the
annotation, we check the feasibility of the control flow path and find that
`modules/dav/main/liveprop.c` can set `*info = NULL` at line 127 in
`dav_get_liveprop_info` defined in `modules/dav/main/liveprop.c`

It would be better if `info` is checked to determined whether it is NULL or not
exactly before line 1991 in modules/dav/fs/repos.c.

For the convenience, we attach the calling traces in the attachements. The
marks can demonstrate that it is a true bug.

Looking forward to your reply. Hope it can be fixed to assure the security and
quality of the software. Thank you for your effort and have a nice day.

Best regards

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Bug 64728] NPD bug caused by function dav_get_liveprop_info

Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=64728

Bingyu Shen <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|[hidden email]         |

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Bug 64728] NPD bug caused by function dav_get_liveprop_info

Bugzilla from bugzilla@apache.org
In reply to this post by Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=64728

Joe Orton <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |INVALID

--- Comment #1 from Joe Orton <[hidden email]> ---
Again: please STOP filing this stuff in Bugzilla.

To demonstrate to us that a bug exists, you need to show us HOW to reproduce
the issue using a sequence of HTTP requests.  If all you have is the output of
a static analyzer, you have not even started work.  You need to understand the
code paths, work out how (or whether) they can be triggered using an HTTP (or
WebDAV) client.

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]