#59 nsperm segfaults on uninitialized mutex if skiplocks set

aolserver3_4
open
nobody
5
2004-06-29
2001-08-25
Jeff Rogers
No

If the configuration parameter SkipLocks is "on" (the
default) then calling "ns_perm checkpass user pass"
with a user that exists (regardless of whether the
password is correct or not) will segfault the server.

The reason is quite simple: the mutex in the users
TclHashTable is not initialized if skiplocks is set,
but UserAuthProc does not check if skiplocks is set
before attempting to lock the mutex. Checking
skiplocks before attempting to manipulate the mutex (as
it's done nearly everywhere else in the code) fixes the
segfault.

SetPassCmd is similarly broken, but it should probably
not be allowed at all if skiplocks is set.

Also, Ns_MutexLock and Ns_LockMutex are both used
(similarly for Unlock); it seems that the first should
be preferred as LockMutex is from the 2.x compatibility
code.

These reasons are likely partly behind the complete
rewrite of nsperm for 4.x, but that has not yet been
released and people running 3.4 or earlier may want to
know about this problem.
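
The failure pattern described in this report, as an added example that is not AOLserver's nsperm source: a self-contained C model in which a table's mutex handle is only set up when skiplocks is off. All names (DemoTable, checkpass_unguarded, and so on) are hypothetical, the user record is constructed, and the point where real code would dereference the uninitialized handle is reported as DEMO_CRASH instead of faulting.

```c
#include <string.h>

/* Hypothetical model: the mutex handle stays NULL unless it was initialised. */
typedef struct { int held; } DemoMutex;
typedef struct {
    int        skiplocks;        /* models the SkipLocks config parameter */
    DemoMutex *lock;             /* NULL when skiplocks is on */
    DemoMutex  storage;
    char       user[16], pass[16];
} DemoTable;
enum { DEMO_OK, DEMO_BADPASS, DEMO_NOUSER, DEMO_REFUSED, DEMO_CRASH = -1 };

static void table_init(DemoTable *t, int skiplocks) {
    memset(t, 0, sizeof *t);
    t->skiplocks = skiplocks;
    if (!skiplocks) t->lock = &t->storage;      /* only place the mutex is set up */
    strcpy(t->user, "alice"); strcpy(t->pass, "s3cret");   /* constructed record */
}
/* Returns -1 where real code would fault on the uninitialised handle. */
static int  mutex_lock(DemoMutex *m)   { if (!m) return -1; m->held = 1; return 0; }
static void mutex_unlock(DemoMutex *m) { if (m) m->held = 0; }

/* Reported pattern: the lock is taken without consulting skiplocks. */
int checkpass_unguarded(DemoTable *t, const char *u, const char *p) {
    if (strcmp(u, t->user) != 0) return DEMO_NOUSER;  /* unknown user: lock not reached */
    if (mutex_lock(t->lock) != 0) return DEMO_CRASH;
    int rc = strcmp(p, t->pass) == 0 ? DEMO_OK : DEMO_BADPASS;  /* plain compare, demo only */
    mutex_unlock(t->lock);
    return rc;
}
/* Fix described in the report: check skiplocks before touching the mutex. */
int checkpass_guarded(DemoTable *t, const char *u, const char *p) {
    if (strcmp(u, t->user) != 0) return DEMO_NOUSER;
    if (!t->skiplocks && mutex_lock(t->lock) != 0) return DEMO_CRASH;
    int rc = strcmp(p, t->pass) == 0 ? DEMO_OK : DEMO_BADPASS;
    if (!t->skiplocks) mutex_unlock(t->lock);
    return rc;
}
/* Writes are refused outright when skiplocks is set, since nothing protects them. */
int setpass_guarded(DemoTable *t, const char *u, const char *p) {
    if (t->skiplocks) return DEMO_REFUSED;
    if (strcmp(u, t->user) != 0) return DEMO_NOUSER;
    if (mutex_lock(t->lock) != 0) return DEMO_CRASH;
    strncpy(t->pass, p, sizeof t->pass - 1);
    mutex_unlock(t->lock);
    return DEMO_OK;
}
```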

Discussion

  • Kriston Rehberg - 2002-02-26
    • assigned_to: nobody --> kriston

  • Kriston Rehberg - 2003-03-03
    • assigned_to: kriston --> nobody

  • Dossy Shiobara - 2004-06-29
    • summary: segfault in nsperm --> nsperm segfaults on uninitialized mutex if skiplocks set
