Merge r354394 from trunk:

* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Omit further
access control checks if SSL is not in use regardless of vhost
settings.

Submitted by: Rüdiger Plüm, Joe Orton
Reviewed by: rpluem, jorton, jim
PR: 37791

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@368730 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index f4d8f6c0b959912759af68c9b9d4e6b355f3ae6f..5dc336cfdf6f7b6ff499cea22a0f973cb3ca7f5a 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,13 @@
                                                         -*- coding: utf-8 -*-
 Changes with Apache 2.2.1
 
+  *) SECURITY: CVE-2005-3357 (cve.mitre.org)
+     mod_ssl: Fix a possible crash during access control checks if a
+     non-SSL request is processed for an SSL vhost (such as the
+     "HTTP request received on SSL port" error message when an 400 
+     ErrorDocument is configured, or if using "SSLEngine optional").
+     PR 37791.  [Rüdiger Plüm, Joe Orton]
+
   *) Chunk filter: Fix chunk filter to create correct chunks in the case that
      a flush bucket is surrounded by data buckets. [Ruediger Pluem]
 

diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index 01759e10d012b129ec5dbbae6134de62518476e2..134236b753b5572b3f043690ff62cf1ad819d262 100644 (file)
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -202,11 +202,14 @@ int ssl_hook_Access(request_rec *r)
     }
 
     /*
-     * Check to see if SSL protocol is on
+     * Check to see whether SSL is in use; if it's not, then no
+     * further access control checks are relevant.  (the test for
+     * sc->enabled is probably strictly unnecessary)
      */
-    if (!((sc->enabled == SSL_ENABLED_TRUE) || (sc->enabled == SSL_ENABLED_OPTIONAL) || ssl)) {
+    if (sc->enabled == SSL_ENABLED_FALSE || !ssl) {
         return DECLINED;
     }
+
     /*
      * Support for per-directory reconfigured SSL connection parameters.
      *