mod_proxy/ssl: cleanup per-request SSL configuration for recycled proxy conns.

The SSL dir config of proxy/backend connections is stored in r->per_dir_config but those connections have a lifetime independent of the requests they handle. So we need to allow the external ssl_engine_set() function to reset mod_ssl's dir config in between proxy requests, or the first sslconn->dc could be used after free for the next requests. mod_proxy can then reset/reinit the request config when recycling its backend connections. PR 63256. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1855646 13f79535-47bb-0310-9956-ffa450edef68
2025-08-05 16:55:50 +03:00 · 2019-03-16 13:45:17 +00:00
parent c66bef968e
commit c75c9a812e
3 changed files with 39 additions and 16 deletions
--- a/modules/ssl/mod_ssl.c
+++ b/modules/ssl/mod_ssl.c
@@ -486,17 +486,31 @@ static int ssl_hook_pre_config(apr_pool_t *pconf,
 }

 static SSLConnRec *ssl_init_connection_ctx(conn_rec *c,
-                                           ap_conf_vector_t *per_dir_config)
+                                           ap_conf_vector_t *per_dir_config,
+                                           int new_proxy)
 {
    SSLConnRec *sslconn = myConnConfig(c);
-    SSLSrvConfigRec *sc;

-    if (sslconn) {
-        return sslconn;
+    if (!sslconn) {
+        sslconn = apr_pcalloc(c->pool, sizeof(*sslconn));
+
+        sslconn->server = c->base_server;
+        sslconn->verify_depth = UNSET;
+        if (new_proxy) {
+            sslconn->is_proxy = 1;
+            sslconn->cipher_suite = sslconn->dc->proxy->auth.cipher_suite;
+        }
+        else {
+            SSLSrvConfigRec *sc = mySrvConfig(c->base_server);
+            sslconn->cipher_suite = sc->server->auth.cipher_suite;
+        }
+
+        myConnConfigSet(c, sslconn);
    }

-    sslconn = apr_pcalloc(c->pool, sizeof(*sslconn));
-
+    /* Reinit dc in any case because it may be r->per_dir_config scoped
+     * and thus a caller like mod_proxy needs to update it per request.
+     */
    if (per_dir_config) {
        sslconn->dc = ap_get_module_config(per_dir_config, &ssl_module);
    }
@@ -505,13 +519,6 @@ static SSLConnRec *ssl_init_connection_ctx(conn_rec *c,
                                           &ssl_module);
    }

-    sslconn->server = c->base_server;
-    sslconn->verify_depth = UNSET;
-    sc = mySrvConfig(c->base_server);
-    sslconn->cipher_suite = sc->server->auth.cipher_suite;
-
-    myConnConfigSet(c, sslconn);
-
    return sslconn;
 }

@@ -551,8 +558,7 @@ static int ssl_engine_set(conn_rec *c,
    int status;
    
    if (proxy) {
-        sslconn = ssl_init_connection_ctx(c, per_dir_config);
-        sslconn->is_proxy = 1;
+        sslconn = ssl_init_connection_ctx(c, per_dir_config, 1);
    }
    else {
        sslconn = myConnConfig(c);
@@ -599,7 +605,7 @@ int ssl_init_ssl_connection(conn_rec *c, request_rec *r)
    /*
     * Create or retrieve SSL context
     */
-    sslconn = ssl_init_connection_ctx(c, r ? r->per_dir_config : NULL);
+    sslconn = ssl_init_connection_ctx(c, r ? r->per_dir_config : NULL, 0);
    server = sslconn->server;
    sc = mySrvConfig(server);