mod_proxy/ssl: cleanup per-request SSL configuration for recycled proxy conns.

The SSL dir config of proxy/backend connections is stored in r->per_dir_config but those connections have a lifetime independent of the requests they handle. So we need to allow the external ssl_engine_set() function to reset mod_ssl's dir config in between proxy requests, or the first sslconn->dc could be used after free for the next requests. mod_proxy can then reset/reinit the request config when recycling its backend connections. PR 63256. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1855646 13f79535-47bb-0310-9956-ffa450edef68
2025-08-05 16:55:50 +03:00 · 2019-03-16 13:45:17 +00:00
parent c66bef968e
commit c75c9a812e
3 changed files with 39 additions and 16 deletions
--- a/modules/proxy/proxy_util.c
+++ b/modules/proxy/proxy_util.c
@@ -1522,6 +1522,13 @@ static apr_status_t connection_cleanup(void *theconn)
        socket_cleanup(conn);
        conn->close = 0;
    }
+    else if (conn->is_ssl) {
+        /* Unbind/reset the SSL connection dir config (sslconn->dc) from
+         * r->per_dir_config, r will likely get destroyed before this proxy
+         * conn is reused.
+         */
+        ap_proxy_ssl_engine(conn->connection, worker->section_config, 1);
+    }

    if (worker->s->hmax && worker->cp->res) {
        conn->inreslist = 1;
@@ -3238,6 +3245,12 @@ static int proxy_connection_create(const char *proxy_function,
    apr_bucket_alloc_t *bucket_alloc;

    if (conn->connection) {
+        if (conn->is_ssl) {
+            /* on reuse, reinit the SSL connection dir config with the current
+             * r->per_dir_config, the previous one was reset on release.
+             */
+            ap_proxy_ssl_engine(conn->connection, per_dir_config, 1);
+        }
        return OK;
    }