r1845204 | rpluem | 2018-10-30 09:04:14 +0000 (Tue, 30 Oct 2018)
Fix issue SVN-4782: Do not use (const char*)1 in httpd modules as value for r->notes.
mod_authz_svn.c and mod_dav_svn.c add keys to r->notes to memorize boolean
states (FORCE_AUTHN_NOTE, IN_SOME_AUTHN_NOTE, authz_svn-anon-ok,
NO_MAP_TO_STORAGE_NOTE). They use (const char*)1 as values for the keys. This
causes any call to apr_table_clone for r->notes to crash with a SEGFAULT,
because (const char*)1 is an invalid address. mod_http2 in httpd calls
apr_table_clone for r->notes and hence the httpd process crashes.
Hence replace the value of (const char*)1 in these cases with a value of "1".
* subversion/mod_authz_svn/mod_authz_svn.c
(access_checker, check_user_id): Replace value of (const char*)1 with "1"
in apr_table_setn calls for r->notes table for keys FORCE_AUTHN_NOTE,
IN_SOME_AUTHN_NOTE, authz_svn-anon-ok to set a value with an valid address.
* subversion/mod_authz_svn/mod_dav_svn.c
(dav_svn__translate_name): Replace value of (const char*)1 with "1"
in apr_table_setn calls for r->notes table for keys NO_MAP_TO_STORAGE_NOTE
to set a value with an valid address.
[U:server] mod_dav_svn, mod_authz_svn: Fix segfault under mod_http2 (SVN-4782)