From 87959528ce4f93d0f579a6c06be141eb39307d21 Mon Sep 17 00:00:00 2001 From: Joe Orton Date: Mon, 4 May 2020 08:58:02 +0000 Subject: [PATCH] Prior to r1877345 mc->pPool was the process pool (s->process->pool). Drop the field from SSLModConfigRec and use pconf instead (where appropriate) to match the new SSLModConfigRec lifetime. * modules/ssl/ssl_engine_kernel.c (ssl_callback_DelSessionCacheEntry): Explicitly (and probably unsafely) use the process pool. * modules/ssl/ssl_engine_config.c (ssl_cmd_SSLRandomSeed): Use cmd->pool to allocate paths. * modules/ssl/ssl_engine_init.c (ssl_init_Module): Use pconf to allocate the keylog_file. * modules/ssl/ssl_engine_vars.c (ssl_var_lookup): Drop lookup of SSLModConfigRec and use s->process->pool when no pool is passed. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1877347 13f79535-47bb-0310-9956-ffa450edef68 --- modules/ssl/ssl_engine_config.c | 9 ++++----- modules/ssl/ssl_engine_init.c | 2 +- modules/ssl/ssl_engine_kernel.c | 7 ++----- modules/ssl/ssl_engine_vars.c | 5 +++-- modules/ssl/ssl_private.h | 1 - 5 files changed, 10 insertions(+), 14 deletions(-) diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c index bb2dbedd212..f3d1e4a4273 100644 --- a/modules/ssl/ssl_engine_config.c +++ b/modules/ssl/ssl_engine_config.c @@ -54,7 +54,6 @@ static SSLModConfigRec *ssl_config_global_create(apr_pool_t *pool, server_rec *s } mc = apr_pcalloc(pool, sizeof(*mc)); - mc->pPool = pool; /* * initialize per-module configuration @@ -748,16 +747,16 @@ const char *ssl_cmd_SSLRandomSeed(cmd_parms *cmd, if ((arg2len > 5) && strEQn(arg2, "file:", 5)) { seed->nSrc = SSL_RSSRC_FILE; - seed->cpPath = ap_server_root_relative(mc->pPool, arg2+5); + seed->cpPath = ap_server_root_relative(cmd->pool, arg2+5); } else if ((arg2len > 5) && strEQn(arg2, "exec:", 5)) { seed->nSrc = SSL_RSSRC_EXEC; - seed->cpPath = ap_server_root_relative(mc->pPool, arg2+5); + seed->cpPath = ap_server_root_relative(cmd->pool, arg2+5); } else if ((arg2len > 4) && strEQn(arg2, "egd:", 4)) { #ifdef HAVE_RAND_EGD seed->nSrc = SSL_RSSRC_EGD; - seed->cpPath = ap_server_root_relative(mc->pPool, arg2+4); + seed->cpPath = ap_server_root_relative(cmd->pool, arg2+4); #else return apr_pstrcat(cmd->pool, "Invalid SSLRandomSeed entropy source `", arg2, "': This version of " MODSSL_LIBRARY_NAME @@ -771,7 +770,7 @@ const char *ssl_cmd_SSLRandomSeed(cmd_parms *cmd, } else { seed->nSrc = SSL_RSSRC_FILE; - seed->cpPath = ap_server_root_relative(mc->pPool, arg2); + seed->cpPath = ap_server_root_relative(cmd->pool, arg2); } if (seed->nSrc != SSL_RSSRC_BUILTIN) { diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c index a59a055bab4..46330601f6a 100644 --- a/modules/ssl/ssl_engine_init.c +++ b/modules/ssl/ssl_engine_init.c @@ -449,7 +449,7 @@ apr_status_t ssl_init_Module(apr_pool_t *p, apr_pool_t *plog, rv = apr_file_open(&mc->keylog_file, logfn, APR_FOPEN_CREATE|APR_FOPEN_WRITE|APR_FOPEN_APPEND|APR_FOPEN_LARGEFILE, APR_FPROT_UREAD|APR_FPROT_UWRITE, - mc->pPool); + p); if (rv) { ap_log_error(APLOG_MARK, APLOG_NOTICE, rv, s, APLOGNO(10226) "Could not open log file '%s' configured via SSLKEYLOGFILE", diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index 21df1eeb8f6..9787ae345ed 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -2169,7 +2169,6 @@ void ssl_callback_DelSessionCacheEntry(SSL_CTX *ctx, SSL_SESSION *session) { server_rec *s; - SSLSrvConfigRec *sc; IDCONST unsigned char *id; unsigned int idlen; @@ -2180,8 +2179,6 @@ void ssl_callback_DelSessionCacheEntry(SSL_CTX *ctx, return; /* on server shutdown Apache is already gone */ } - sc = mySrvConfig(s); - /* * Remove the SSL_SESSION from the inter-process cache */ @@ -2192,8 +2189,8 @@ void ssl_callback_DelSessionCacheEntry(SSL_CTX *ctx, idlen = session->session_id_length; #endif - /* TODO: Do we need a temp pool here, or are we always shutting down? */ - ssl_scache_remove(s, id, idlen, sc->mc->pPool); + /* ### Is it really safe to use the process pool here??? */ + ssl_scache_remove(s, id, idlen, s->process->pool); ssl_session_log(s, "REM", id, idlen, "OK", "dead", 0); diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c index 63f65ed2c4a..249434a8108 100644 --- a/modules/ssl/ssl_engine_vars.c +++ b/modules/ssl/ssl_engine_vars.c @@ -241,7 +241,6 @@ void ssl_var_register(apr_pool_t *p) /* This function must remain safe to use for a non-SSL connection. */ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, char *var) { - SSLModConfigRec *mc = myModConfig(s); const char *result; BOOL resdup; apr_time_exp_t tm; @@ -249,6 +248,8 @@ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, result = NULL; resdup = TRUE; + AP_DEBUG_ASSERT(s); + /* * When no pool is given try to find one */ @@ -258,7 +259,7 @@ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, else if (c != NULL) p = c->pool; else - p = mc->pPool; + p = s->process->pool; } /* diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h index 6f48e1586bc..1798cc5f480 100644 --- a/modules/ssl/ssl_private.h +++ b/modules/ssl/ssl_private.h @@ -586,7 +586,6 @@ typedef struct { typedef struct { pid_t pid; - apr_pool_t *pPool; BOOL bFixed; /* OpenSSL SSL_SESS_CACHE_* flags: */ -- 2.47.3