diff options
author | Jan Pazdziora <jpazdziora@redhat.com> | 2022-01-30 12:20:10 +0100 |
---|---|---|
committer | Jan Pazdziora <jpazdziora@redhat.com> | 2022-01-30 12:28:36 +0100 |
commit | 7f4245a2e221237359ad6c02d7ddbe2e06d27229 (patch) | |
tree | 27d6b4249f88f8b32c8e3c7b576e8a63d6b22876 | |
parent | 4a3677859d48b8bf693ef71f4084be9ec8709e7b (diff) | |
download | mod_intercept_form_submit-7f4245a2e221237359ad6c02d7ddbe2e06d27229.tar.gz mod_intercept_form_submit-7f4245a2e221237359ad6c02d7ddbe2e06d27229.tar.xz mod_intercept_form_submit-7f4245a2e221237359ad6c02d7ddbe2e06d27229.zip |
Ensure we do not work with memory that was already freed (and reused).
When mod_authnz_pam does redirect for AuthPAMExpiredRedirect, the remaining
input gets slurped from the r->input_filters by ap_send_error_response()
and ctx->cached_brigade is cleared from our filter and memory reclaimed.
The ctx->password_fragment_start_bucket is then no longer valid because
the memory was released and reclaimed, and there is no point attempting
to redact the password.
-rw-r--r-- | mod_intercept_form_submit.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/mod_intercept_form_submit.c b/mod_intercept_form_submit.c index c93e263..1b90db3 100644 --- a/mod_intercept_form_submit.c +++ b/mod_intercept_form_submit.c @@ -181,6 +181,10 @@ static void intercept_form_redact_password(ap_filter_t * f, ifs_config * config) ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, SHOW_MODULE "will redact password (value of %s) in the POST data", config->password_name); ifs_filter_ctx_t * ctx = f->ctx; apr_bucket * b = ctx->password_fragment_start_bucket; + if (! b) { + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, SHOW_MODULE "the input got processed from the cached_brigade (possibly by ap_send_error_response), no redacting possible"); + return; + } int fragment_start_bucket_offset = ctx->password_fragment_start_bucket_offset; if (fragment_start_bucket_offset) { apr_bucket_split(b, fragment_start_bucket_offset); @@ -304,6 +308,7 @@ static apr_status_t intercept_form_submit_filter(ap_filter_t * f, apr_bucket_bri APR_BRIGADE_CONCAT(bb, ctx->cached_brigade); apr_brigade_cleanup(ctx->cached_brigade); ctx->cached_brigade = NULL; + ctx->password_fragment_start_bucket = NULL; return ctx->cached_ret; } return ap_get_brigade(f->next, bb, mode, block, readbytes); |