*) core: Be safe with ap_lingering_close() called with a socket NULL-ed.
authorYann Ylavic <ylavic@apache.org>
Tue, 12 Oct 2021 16:48:18 +0000 (16:48 +0000)
committerYann Ylavic <ylavic@apache.org>
Tue, 12 Oct 2021 16:48:18 +0000 (16:48 +0000)
PR 65627.

mod_itk seems to:
  ap_set_core_module_config(c->conn_config, NULL)
before calling ap_lingering_close(), causing a crash after r1891721.
Until we have an API to no-op ap_lingering_close(), let's be safe.

* server/connection.c(ap_start_lingering_close):
  The socket should not be NULL here, add an assertion.

* server/connection.c(ap_lingering_close):
  Set c->aborted if the socket is NULL, and give up.

Submitted by: acmondor <bz.apache.org acmondor.ca>, ylavic

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1894171 13f79535-47bb-0310-9956-ffa450edef68

changes-entries/ap_lingering_close-NULL.txt [new file with mode: 0644]
server/connection.c

diff --git a/changes-entries/ap_lingering_close-NULL.txt b/changes-entries/ap_lingering_close-NULL.txt
new file mode 100644 (file)
index 0000000..43cc693
--- /dev/null
@@ -0,0 +1,3 @@
+  *) core: Be safe with ap_lingering_close() called with a socket NULL-ed by
+     a third-party module.  PR 65627.
+     [acmondor <bz.apache.org acmondor.ca>, Yann Ylavic]
index f89ac553c60644d64eb6cd8c969d9b64319e69c5..a7a51cf7414247efbc8b76a02ff60be85d76c0dc 100644 (file)
@@ -145,9 +145,7 @@ AP_DECLARE(int) ap_start_lingering_close(conn_rec *c)
 {
     apr_socket_t *csd = ap_get_conn_socket(c);
 
-    if (!csd) {
-        return 1;
-    }
+    ap_assert(csd != NULL);
 
     if (ap_prep_lingering_close(c)) {
         return 1;
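Review bot: `ap_assert(csd != NULL)` at the top of ap_start_lingering_close() turns a condition that used to return 1 into a process abort, and ap_assert is not compiled out in non-debug builds. The commit guards ap_lingering_close(), but this function is exported with AP_DECLARE, so any other caller that reaches it with the core connection config cleared would now bring down the child process instead of failing the close. Those callers are outside this hunk, so they are worth auditing before relying on the assertion. If the assertion stays, the new precondition belongs on the declaration, for example `@note The connection socket must not be NULL; this function asserts on it.` The function body continues past the end of the hunk.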
@@ -178,6 +176,15 @@ AP_DECLARE(void) ap_lingering_close(conn_rec *c)
     apr_time_t now, timeup = 0;
     apr_socket_t *csd = ap_get_conn_socket(c);
 
+    if (!csd) {
+        /* Be safe with third-party modules that:
+         *   ap_set_core_module_config(c->conn_config, NULL)
+         * to no-op ap_lingering_close().
+         */
+        c->aborted = 1;
+        return;
+    }
+
     if (ap_start_lingering_close(c)) {
         apr_socket_close(csd);
         return;
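Review bot: The comment in the new `if (!csd)` branch says the module wants to no-op ap_lingering_close(), but the branch also sets `c->aborted = 1` and returns without closing anything, and neither effect is explained. On this path httpd has no handle to the socket, so closing it is presumably left to whoever cleared the core connection config. Stating that keeps a later reader from treating the early return as a descriptor leak to patch here. Suggested wording: `/* Socket hidden by a third-party module (core conn config set to NULL): mark the connection aborted and leave closing the socket to that module. */`. ap_lingering_close() continues past the end of the hunk.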