From: Graham Leggett <minfrin@apache.org>
Date: Sat, 22 Jan 2022 22:02:11 +0000 (+0000)
Subject: mod_ssl: An edge case exists where SSL_read might return SSL_ERROR_WANT_READ
X-Git-Tag: 2.5.0-alpha2-ci-test-only~552
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=204b709eef975cd7dfb86709cb1b4d61148953d9;p=thirdparty%2Fapache%2Fhttpd.git

mod_ssl: An edge case exists where SSL_read might return SSL_ERROR_WANT_READ
even in blocking BIO cases. Set guards so that an async MPM is not accessed
at this point. There is no need to set non blocking, mod_ssl's BIO already
knows how to do this.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897356 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c
index c693ad2a3a2..c31f008f3f6 100644
--- a/modules/ssl/ssl_engine_io.c
+++ b/modules/ssl/ssl_engine_io.c
@@ -796,7 +796,9 @@ static apr_status_t ssl_io_input_read(bio_filter_in_ctx_t *inctx,
                  * (This is usually the case when the client forces an SSL
                  * renegotiation which is handled implicitly by OpenSSL.)
                  */
-                inctx->c->cs->sense = CONN_SENSE_WANT_READ;
+                if (inctx->c->cs) {
+                    inctx->c->cs->sense = CONN_SENSE_WANT_READ;
+                }
                 inctx->rc = APR_EAGAIN;
 
                 if (*len > 0) {
@@ -817,7 +819,9 @@ static apr_status_t ssl_io_input_read(bio_filter_in_ctx_t *inctx,
                  * (This is usually the case when the client forces an SSL
                  * renegotiation which is handled implicitly by OpenSSL.)
                  */
-                inctx->c->cs->sense = CONN_SENSE_WANT_WRITE;
+                if (inctx->c->cs) {
+                    inctx->c->cs->sense = CONN_SENSE_WANT_WRITE;
+                }
                 inctx->rc = APR_EAGAIN;
 
                 if (*len > 0) {
@@ -983,7 +987,9 @@ static apr_status_t ssl_filter_write(ap_filter_t *f,
              * (This is usually the case when the client forces an SSL
              * renegotiation which is handled implicitly by OpenSSL.)
              */
-            outctx->c->cs->sense = CONN_SENSE_WANT_READ;
+            if (outctx->c->cs) {
+                outctx->c->cs->sense = CONN_SENSE_WANT_READ;
+            }
             outctx->rc = APR_EAGAIN;
             ap_log_cerror(APLOG_MARK, APLOG_TRACE6, 0, outctx->c,
                           "Want read during nonblocking write");
@@ -1516,7 +1522,9 @@ static apr_status_t ssl_io_filter_handshake(ssl_filter_ctx_t *filter_ctx)
              */
             ap_log_cerror(APLOG_MARK, APLOG_TRACE6, 0, outctx->c,
                           "Want read during nonblocking accept");
-            outctx->c->cs->sense = CONN_SENSE_WANT_READ;
+        	if (outctx->c->cs) {
+                outctx->c->cs->sense = CONN_SENSE_WANT_READ;
+        	}
             outctx->rc = APR_EAGAIN;
             return APR_EAGAIN;
         }
@@ -1526,7 +1534,9 @@ static apr_status_t ssl_io_filter_handshake(ssl_filter_ctx_t *filter_ctx)
              */
             ap_log_cerror(APLOG_MARK, APLOG_TRACE6, 0, outctx->c,
                           "Want write during nonblocking accept");
-            outctx->c->cs->sense = CONN_SENSE_WANT_WRITE;
+        	if (outctx->c->cs) {
+                outctx->c->cs->sense = CONN_SENSE_WANT_WRITE;
+        	}
             outctx->rc = APR_EAGAIN;
             return APR_EAGAIN;
         }
@@ -2362,13 +2372,6 @@ void ssl_io_filter_init(conn_rec *c, request_rec *r, SSL *ssl)
 #endif
     BIO_set_data(filter_ctx->pbioWrite, (void *)bio_filter_out_ctx_new(filter_ctx, c));
 
-    /* write is non blocking for the benefit of async mpm */
-    if (c->cs) {
-        BIO_set_nbio(filter_ctx->pbioWrite, 1);
-        ap_log_cerror(APLOG_MARK, APLOG_TRACE7, 0, c,
-                      "Enabling non-blocking writes");
-    }
-
     ssl_io_input_add_filter(filter_ctx, c, r, ssl);
 
     SSL_set_bio(ssl, filter_ctx->pbioRead, filter_ctx->pbioWrite);