www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-08 15:02:10 +03:00
Code Activity

Prevent segfaults after SSL renegotiation failures.

Browse Source 
* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Set aborted flag
after renegotiation failure.

* modules/ssl/ssl_engine_io.c (ssl_filter_write, ssl_io_filter_output):
Don't dereference BIOs in filter_ctx when filter_ctx->pssl is NULL.
(ssl_filter_io_shutdown): Set aborted flag on abortive shutdown.

PR: 21370
Submitted by: Hartmut Keil <Hartmut.Keil@adnovum.ch>
Cleaned up by: Jeff Trawick, Joe Orton


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@100720 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Joe Orton
2003-07-21 12:02:40 +00:00
parent 6d5e39b8f7
commit eb49ea1f5c
3 changed files with 14 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGES
View File

@@ -2,6 +2,9 @@ Changes with Apache 2.1.0-dev
[Remove entries to the current 2.0 section below, when backported] [Remove entries to the current 2.0 section below, when backported]
*) mod_ssl: Fix segfaults after renegotiation failure. PR 21370
[Hartmut Keil <Hartmut.Keil@adnovum.ch>]
*) ab: Overlong credentials given via command line no longer clobber *) ab: Overlong credentials given via command line no longer clobber
the buffer. [Andr<64> Malo] the buffer. [Andr<64> Malo]

13
modules/ssl/ssl_engine_io.c
View File

@@ -780,8 +780,7 @@ static apr_status_t ssl_filter_write(ap_filter_t *f,
apr_size_t len) apr_size_t len)
{ {
ssl_filter_ctx_t *filter_ctx = f->ctx; ssl_filter_ctx_t *filter_ctx = f->ctx;
bio_filter_out_ctx_t *outctx = bio_filter_out_ctx_t *outctx;
(bio_filter_out_ctx_t *)(filter_ctx->pbioWrite->ptr);
int res; int res;
/* write SSL */ /* write SSL */
@@ -789,6 +788,7 @@ static apr_status_t ssl_filter_write(ap_filter_t *f,
return APR_EGENERAL; return APR_EGENERAL;
} }
outctx = (bio_filter_out_ctx_t *)filter_ctx->pbioWrite->ptr;
res = SSL_write(filter_ctx->pssl, (unsigned char *)data, len); res = SSL_write(filter_ctx->pssl, (unsigned char *)data, len);
if (res < 0) { if (res < 0) {
@@ -1003,6 +1003,11 @@ static apr_status_t ssl_filter_io_shutdown(ssl_filter_ctx_t *filter_ctx,
sslconn->ssl = NULL; sslconn->ssl = NULL;
filter_ctx->pssl = NULL; /* so filters know we've been shutdown */ filter_ctx->pssl = NULL; /* so filters know we've been shutdown */
if (abortive) {
/* prevent any further I/O */
c->aborted = 1;
}
return APR_SUCCESS; return APR_SUCCESS;
} }
@@ -1362,8 +1367,7 @@ static apr_status_t ssl_io_filter_output(ap_filter_t *f,
{ {
apr_status_t status = APR_SUCCESS; apr_status_t status = APR_SUCCESS;
ssl_filter_ctx_t *filter_ctx = f->ctx; ssl_filter_ctx_t *filter_ctx = f->ctx;
bio_filter_in_ctx_t *inctx = (bio_filter_in_ctx_t *) bio_filter_in_ctx_t *inctx;
(filter_ctx->pbioRead->ptr);
if (f->c->aborted) { if (f->c->aborted) {
apr_brigade_cleanup(bb); apr_brigade_cleanup(bb);
@@ -1375,6 +1379,7 @@ static apr_status_t ssl_io_filter_output(ap_filter_t *f,
return ap_pass_brigade(f->next, bb); return ap_pass_brigade(f->next, bb);
} }
inctx = (bio_filter_in_ctx_t *)filter_ctx->pbioRead->ptr;
/* When we are the writer, we must initialize the inctx /* When we are the writer, we must initialize the inctx
* mode so that we block for any required ssl input, because * mode so that we block for any required ssl input, because
* output filtering is always nonblocking. * output filtering is always nonblocking.

2
modules/ssl/ssl_engine_kernel.c
View File

@@ -706,6 +706,7 @@ int ssl_hook_Access(request_rec *r)
ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
"Re-negotiation request failed"); "Re-negotiation request failed");
r->connection->aborted = 1;
return HTTP_FORBIDDEN; return HTTP_FORBIDDEN;
} }
@@ -724,6 +725,7 @@ int ssl_hook_Access(request_rec *r)
"Re-negotiation handshake failed: " "Re-negotiation handshake failed: "
"Not accepted by client!?"); "Not accepted by client!?");
r->connection->aborted = 1;
return HTTP_FORBIDDEN; return HTTP_FORBIDDEN;
} }
} }