avoid segfault and improve error reporting when apr_temp_dir_get fails

zandbelt · zandbelt · commit a2cfc062a676 · 2024-12-05T17:07:22.000+01:00
when a temp directory cannot be found on the system upon initalizing cache mutexes and file cache; see #1288; thanks @ErmakovDmitriy Signed-off-by: Hans Zandbelt <hans.zandbelt@openidc.com>
diff --git a/AUTHORS b/AUTHORS
@@ -93,3 +93,4 @@ reporting bugs, providing fixes, suggesting useful features or other:
 	adg-mh <https://github.com/adg-mh>
 	David P. Discher <https://github.com/daviddpd>
 	ryanwilliamnicholls <https://github.com/ryanwilliamnicholls>
+	Dmitrii Ermakov <https://github.com/ErmakovDmitriy>
diff --git a/ChangeLog b/ChangeLog
@@ -2,6 +2,8 @@
 - metadata: fix caching of JWKs from jwks_uri when using the default expiry setting (i.e. not using OIDCJWKSRefreshInterval)
   and avoid fetching JWKs from the jwks_uri for each user login; also addresses Redis cache
   error entries the log [ERR invalid expire time in 'setex' command]
+- avoid segfault and improve error reporting in case apr_temp_dir_get fails when a temp directory cannot be found
+  on the system upon initalizing cache mutexes and file cache; see #1288; thanks @ErmakovDmitriy
 
 11/21/2024
 - add option to set local address for outgoing HTTP requests; see #1283; thanks @studersi
diff --git a/src/cache/cache.h b/src/cache/cache.h
@@ -84,6 +84,7 @@ typedef struct oidc_cache_mutex_t {
 } oidc_cache_mutex_t;
 
 oidc_cache_mutex_t *oidc_cache_mutex_create(apr_pool_t *pool, apr_byte_t global);
+char *oidc_cache_status2str(apr_pool_t *p, apr_status_t statcode);
 apr_byte_t oidc_cache_mutex_post_config(server_rec *s, oidc_cache_mutex_t *m, const char *type);
 apr_status_t oidc_cache_mutex_child_init(apr_pool_t *p, server_rec *s, oidc_cache_mutex_t *m);
 apr_byte_t oidc_cache_mutex_lock(apr_pool_t *pool, server_rec *s, oidc_cache_mutex_t *m);
diff --git a/src/cache/common.c b/src/cache/common.c
@@ -86,7 +86,13 @@ apr_byte_t oidc_cache_mutex_post_config(server_rec *s, oidc_cache_mutex_t *m, co
 	const char *dir;
 
 	/* construct the mutex filename */
-	apr_temp_dir_get(&dir, s->process->pool);
+	rv = apr_temp_dir_get(&dir, s->process->pool);
+	if (rv != APR_SUCCESS) {
+		oidc_serror(s, "apr_temp_dir_get failed: could not find a temp dir: %s",
+			    oidc_cache_status2str(s->process->pool, rv));
+		return FALSE;
+	}
+
 	m->mutex_filename =
 	    apr_psprintf(s->process->pool, "%s/mod_auth_openidc_%s_mutex.%ld.%pp", dir, type, (long int)getpid(), s);
 
diff --git a/src/cache/file.c b/src/cache/file.c
@@ -64,10 +64,16 @@ typedef struct {
 
 /* post config routine */
 int oidc_cache_file_post_config(server_rec *s) {
+	apr_status_t rv = APR_SUCCESS;
 	oidc_cfg_t *cfg = (oidc_cfg_t *)ap_get_module_config(s->module_config, &auth_openidc_module);
 	if (cfg->cache.file_dir == NULL) {
 		/* by default we'll use the OS specified /tmp dir for cache files */
-		apr_temp_dir_get((const char **)&cfg->cache.file_dir, s->process->pool);
+		rv = apr_temp_dir_get((const char **)&cfg->cache.file_dir, s->process->pool);
+		if (rv != APR_SUCCESS) {
+			oidc_serror(s, "apr_temp_dir_get failed: could not find a temp dir: %s",
+				    oidc_cache_status2str(s->process->pool, rv));
+			return HTTP_INTERNAL_SERVER_ERROR;
+		}
 	}
 	return OK;
 }
