Fix: An invalid request->clientConnectionManager object can be used inside Ssl::PeerC...

This patch adds the Ssl::ServerBio::bumpMode() method to retrieve the configured
mode from a ServerBio object, and uses this method for checking the bumping
mode inside Ssl::PeerConnector::handleNegotiateError method

This is a Measurement Factory project

diff --git a/src/ssl/PeerConnector.cc b/src/ssl/PeerConnector.cc
index 484acc7cf86fd77ad232a8edd0faadcc23c012c7..50a01c1223998dead34a6e6e5e8eddff902cbbef 100644 (file)
--- a/src/ssl/PeerConnector.cc
+++ b/src/ssl/PeerConnector.cc
@@ -532,7 +532,7 @@ Ssl::PeerConnector::handleNegotiateError(const int ret)
         return;
 
     case SSL_ERROR_WANT_WRITE:
-        if ((request->clientConnectionManager->sslBumpMode == Ssl::bumpPeek || request->clientConnectionManager->sslBumpMode == Ssl::bumpStare) && srvBio->holdWrite()) {
+        if ((srvBio->bumpMode() == Ssl::bumpPeek || srvBio->bumpMode() == Ssl::bumpStare) && srvBio->holdWrite()) {
             debugs(81, DBG_IMPORTANT, "hold write on SSL connection on FD " << fd);
             checkForPeekAndSplice();
             return;
@@ -556,7 +556,7 @@ Ssl::PeerConnector::handleNegotiateError(const int ret)
 #if 1
         if (!SSL_get_ex_data(ssl, ssl_ex_index_ssl_error_detail) &&
                 SSL_get_peer_certificate(ssl) &&
-                (request->clientConnectionManager->sslBumpMode == Ssl::bumpPeek  || request->clientConnectionManager->sslBumpMode == Ssl::bumpStare) && srvBio->holdWrite()) {
+                (srvBio->bumpMode() == Ssl::bumpPeek  || srvBio->bumpMode() == Ssl::bumpStare) && srvBio->holdWrite()) {
             debugs(81, 3, "Error ("  << ERR_error_string(ssl_lib_error, NULL) <<  ") but, hold write on SSL connection on FD " << fd);
             checkForPeekAndSplice();
             return;

diff --git a/src/ssl/bio.h b/src/ssl/bio.h
index 0abbaa075b8d4cb2889da53f254d98ea5e0f0500..f053fb2525c710a5881b6410af4a54fcf853b3be 100644 (file)
--- a/src/ssl/bio.h
+++ b/src/ssl/bio.h
@@ -179,6 +179,7 @@ public:
     bool canBump() {return allowBump;}
     /// The bumping mode
     void mode(Ssl::BumpMode m) {bumpMode_ = m;}
+    Ssl::BumpMode bumpMode() {return bumpMode_;} ///< return the bumping mode
 private:
     /// A random number to use as "client random" in client hello message
     sslFeatures clientFeatures;