SSL_SESSION_id2sz() was NOT THREAD SAFE. it returned a pointer to a

static variable.  fixed.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93899 13f79535-47bb-0310-9956-ffa450edef68

modules/ssl/ssl_engine_kernel.c

@@ -1606,11 +1606,14 @@ int ssl_callback_NewSessionCacheEntry(SSL *ssl, SSL_SESSION *session)
      * Log this cache operation
      */
     if (sc->nLogLevel >= SSL_LOG_TRACE) {
+        char buf[SSL_SESSION_ID_STRING_LEN];
+
         ssl_log(s, SSL_LOG_TRACE,
                 "Inter-Process Session Cache: "
                 "request=SET status=%s id=%s timeout=%ds (session caching)",
                 (rc == TRUE ? "OK" : "BAD"),
-                SSL_SESSION_id2sz(session_id, session_id_length),
+                SSL_SESSION_id2sz(session_id, session_id_length,
+                                  buf, sizeof(buf)),
                 (timeout - time(NULL)));
     }
 
@@ -1647,12 +1650,15 @@ SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *ssl,
      * Log this cache operation
      */
     if (sc->nLogLevel >= SSL_LOG_TRACE) {
+        char buf[SSL_SESSION_ID_STRING_LEN];
         const char *status = session ? "FOUND" : "MISSED";
         const char *re     = session ? "reuse" : "renewal";
 
         ssl_log(s, SSL_LOG_TRACE, "Inter-Process Session Cache: "
                 "request=GET status=%s id=%s (session %s)",
-                status, SSL_SESSION_id2sz(id, idlen), re);
+                status,
+                SSL_SESSION_id2sz(id, idlen, buf, sizeof(buf)),
+                re);
     }
 
     /*
@@ -1701,9 +1707,11 @@ void ssl_callback_DelSessionCacheEntry(SSL_CTX *ctx,
      * Log this cache operation
      */
     if (sc->nLogLevel >= SSL_LOG_TRACE) {
+        char buf[SSL_SESSION_ID_STRING_LEN];
         ssl_log(s, SSL_LOG_TRACE, "Inter-Process Session Cache: "
                 "request=REM status=OK id=%s (session dead)",
-                SSL_SESSION_id2sz(session_id, session_id_length));
+                SSL_SESSION_id2sz(session_id, session_id_length,
+                                  buf, sizeof(buf)));
     }
 
     return;

modules/ssl/ssl_util_ssl.c

@@ -535,15 +535,15 @@ int SSL_CTX_use_certificate_chain(
 **  _________________________________________________________________
 */
 
-char *SSL_SESSION_id2sz(unsigned char *id, int idlen)
+char *SSL_SESSION_id2sz(unsigned char *id, int idlen,
+                        char *str, int strsize)
 {
-    static char str[(SSL_MAX_SSL_SESSION_ID_LENGTH+1)*2];
     char *cp;
     int n;
 
     cp = str;
     for (n = 0; n < idlen && n < SSL_MAX_SSL_SESSION_ID_LENGTH; n++) {
-        apr_snprintf(cp, sizeof(str)-(cp-str), "%02X", id[n]);
+        apr_snprintf(cp, strsize - (cp-str), "%02X", id[n]);
         cp += 2;
     }
     *cp = NUL;

modules/ssl/ssl_util_ssl.h

@@ -80,6 +80,10 @@
  */
 #define SSL_SESSION_MAX_DER 1024*10
 
+/* max length for SSL_SESSION_id2sz */
+#define SSL_SESSION_ID_STRING_LEN \
+    ((SSL_MAX_SSL_SESSION_ID_LENGTH + 1) * 2)
+
 /*  
  *  Additional Functions
  */
@@ -100,6 +104,6 @@ BOOL        SSL_load_CrtAndKeyInfo_file(apr_pool_t *, STACK_OF(X509_INFO) *, cha
 BOOL        SSL_load_CrtAndKeyInfo_path(apr_pool_t *, STACK_OF(X509_INFO) *, char *);
 #endif /* SSL_EXPERIMENTAL_PROXY */
 int         SSL_CTX_use_certificate_chain(SSL_CTX *, char *, int, int (*)(char*,int,int,void*));
-char       *SSL_SESSION_id2sz(unsigned char *, int);
+char       *SSL_SESSION_id2sz(unsigned char *, int, char *, int);
 
 #endif /* __SSL_UTIL_SSL_H__ */