From: Joe Orton <jorton@apache.org>
Date: Mon, 21 Jul 2003 12:02:40 +0000 (+0000)
Subject: Prevent segfaults after SSL renegotiation failures.
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4241d677c6e62af360b137a710ae8a1c2f38adf5;p=thirdparty%2Fapache%2Fhttpd.git

Prevent segfaults after SSL renegotiation failures.

* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Set aborted flag
after renegotiation failure.

* modules/ssl/ssl_engine_io.c (ssl_filter_write, ssl_io_filter_output):
Don't dereference BIOs in filter_ctx when filter_ctx->pssl is NULL.
(ssl_filter_io_shutdown): Set aborted flag on abortive shutdown.

PR: 21370
Submitted by: Hartmut Keil <Hartmut.Keil@adnovum.ch>
Cleaned up by: Jeff Trawick, Joe Orton


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100720 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/ssl_engine_io.c b/ssl_engine_io.c
index 1760b534d3b..e7cbf96dd5a 100644
--- a/ssl_engine_io.c
+++ b/ssl_engine_io.c
@@ -780,8 +780,7 @@ static apr_status_t ssl_filter_write(ap_filter_t *f,
                                      apr_size_t len)
 {
     ssl_filter_ctx_t *filter_ctx = f->ctx;
-    bio_filter_out_ctx_t *outctx = 
-           (bio_filter_out_ctx_t *)(filter_ctx->pbioWrite->ptr);
+    bio_filter_out_ctx_t *outctx;
     int res;
 
     /* write SSL */
@@ -789,6 +788,7 @@ static apr_status_t ssl_filter_write(ap_filter_t *f,
         return APR_EGENERAL;
     }
 
+    outctx = (bio_filter_out_ctx_t *)filter_ctx->pbioWrite->ptr;
     res = SSL_write(filter_ctx->pssl, (unsigned char *)data, len);
 
     if (res < 0) {
@@ -1003,6 +1003,11 @@ static apr_status_t ssl_filter_io_shutdown(ssl_filter_ctx_t *filter_ctx,
     sslconn->ssl = NULL;
     filter_ctx->pssl = NULL; /* so filters know we've been shutdown */
 
+    if (abortive) {
+        /* prevent any further I/O */
+        c->aborted = 1;
+    }
+
     return APR_SUCCESS;
 }
 
@@ -1362,8 +1367,7 @@ static apr_status_t ssl_io_filter_output(ap_filter_t *f,
 {
     apr_status_t status = APR_SUCCESS;
     ssl_filter_ctx_t *filter_ctx = f->ctx;
-    bio_filter_in_ctx_t *inctx = (bio_filter_in_ctx_t *)
-                                 (filter_ctx->pbioRead->ptr);
+    bio_filter_in_ctx_t *inctx;
 
     if (f->c->aborted) {
         apr_brigade_cleanup(bb);
@@ -1375,6 +1379,7 @@ static apr_status_t ssl_io_filter_output(ap_filter_t *f,
         return ap_pass_brigade(f->next, bb);
     }
 
+    inctx = (bio_filter_in_ctx_t *)filter_ctx->pbioRead->ptr;
     /* When we are the writer, we must initialize the inctx
      * mode so that we block for any required ssl input, because
      * output filtering is always nonblocking.
diff --git a/ssl_engine_kernel.c b/ssl_engine_kernel.c
index 18c987c10d7..a69ee372385 100644
--- a/ssl_engine_kernel.c
+++ b/ssl_engine_kernel.c
@@ -706,6 +706,7 @@ int ssl_hook_Access(request_rec *r)
                 ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
                              "Re-negotiation request failed");
 
+                r->connection->aborted = 1;
                 return HTTP_FORBIDDEN;
             }
 
@@ -724,6 +725,7 @@ int ssl_hook_Access(request_rec *r)
                              "Re-negotiation handshake failed: "
                         "Not accepted by client!?");
 
+                r->connection->aborted = 1;
                 return HTTP_FORBIDDEN;
             }
         }