From: Doug MacEachern
Date: Wed, 21 Nov 2001 22:58:28 +0000 (+0000)
Subject: get rid of SSL_get_app_data2_idx() which had a race condition when
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=44b639d47844592491ce78e779e923c34ae2b937;p=thirdparty%2Fapache%2Fhttpd.git
get rid of SSL_get_app_data2_idx() which had a race condition when writing to app_data2_idx, and another inside OpenSSL when calling SSL_get_ex_new_index(). add SSL_init_app_data2_idx() to provide the same functionality but in a safe place: called during ssl_init_Module
PR:
Obtained from:
Submitted by:
Reviewed by:
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92110 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/ssl_engine_init.c b/ssl_engine_init.c
index 2e5d27fe3ba..02c68b9d603 100644
--- a/ssl_engine_init.c
+++ b/ssl_engine_init.c
@@ -264,6 +264,7 @@ void ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
 ap_add_version_component(p, ssl_var_lookup(p, s, NULL, NULL, "SSL_VERSION_INTERFACE"));
 ap_add_version_component(p, ssl_var_lookup(p, s, NULL, NULL, "SSL_VERSION_LIBRARY"));
+ SSL_init_app_data2_idx(); /* for SSL_get_app_data2() at request time */
 return;
 }
diff --git a/ssl_util_ssl.c b/ssl_util_ssl.c
index 8f3f8fe2d5b..cc5d6cf04bd 100644
--- a/ssl_util_ssl.c
+++ b/ssl_util_ssl.c
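Review bot: The new `SSL_init_app_data2_idx();` call is the last statement before `return;` in ssl_init_Module, so any earlier return path in that function (its body starts outside this hunk) would leave the index at -1 when `SSL_get_app_data2()` runs at request time. The guard in the initializer relies on the static keeping its value; if the module is unloaded and reloaded between configuration passes while OpenSSL stays loaded, the static would reset and each pass could consume two more ex_data indices, which is worth confirming for DSO builds. The inline comment could state the ordering requirement explicitly, e.g. `/* must run before any thread or child is created; the index is read-only afterwards */`.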
@@ -65,27 +65,39 @@
 ** _________________________________________________________________
 */
-int SSL_get_app_data2_idx(void)
+/* we initialize this index at startup time
+ * and never write to it at request time,
+ * so this static is thread safe.
+ * also note that OpenSSL increments at static variable when
+ * SSL_get_ex_new_index() is called, so we _must_ do this at startup.
+ */
+static int SSL_app_data2_idx = -1;
+
+void SSL_init_app_data2_idx(void)
 {
- static int app_data2_idx = -1;
-
- if (app_data2_idx < 0) {
- app_data2_idx = SSL_get_ex_new_index(0,
- "Second Application Data for SSL", NULL, NULL, NULL);
- app_data2_idx = SSL_get_ex_new_index(0,
- "Second Application Data for SSL", NULL, NULL, NULL);
- }
- return(app_data2_idx);
+ int i;
+
+ if (SSL_app_data2_idx > -1) {
+ return;
+ }
+
+ /* we _do_ need to call this twice */
+ for (i=0; i<=1; i++) {
+ SSL_app_data2_idx =
+ SSL_get_ex_new_index(0,
+ "Second Application Data for SSL",
+ NULL, NULL, NULL);
+ }
 }
 void *SSL_get_app_data2(SSL *ssl)
 {
- return (void *)SSL_get_ex_data(ssl, SSL_get_app_data2_idx());
+ return (void *)SSL_get_ex_data(ssl, SSL_app_data2_idx);
 }
 void SSL_set_app_data2(SSL *ssl, void *arg)
 {
- SSL_set_ex_data(ssl, SSL_get_app_data2_idx(), (char *)arg);
+ SSL_set_ex_data(ssl, SSL_app_data2_idx, (char *)arg);
 return;
 }
diff --git a/ssl_util_ssl.h b/ssl_util_ssl.h
index 31acd897dc3..ec6086a335b 100644
--- a/ssl_util_ssl.h
+++ b/ssl_util_ssl.h
@@ -91,7 +91,7 @@
 /*
 * Additional Functions
 */
-int SSL_get_app_data2_idx(void);
+void SSL_init_app_data2_idx(void);
 void *SSL_get_app_data2(SSL *);
 void SSL_set_app_data2(SSL *, void *);
 X509 *SSL_read_X509(char *, X509 **, int (*)(char*,int,int,void*));
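Review bot: The result of `SSL_get_ex_new_index()` is never checked in SSL_init_app_data2_idx(): if the second call in the loop fails, `SSL_app_data2_idx` stays negative and `SSL_get_app_data2()`/`SSL_set_app_data2()` pass that index to `SSL_get_ex_data()`/`SSL_set_ex_data()` on every connection. Because the function returns void, ssl_init_Module cannot detect this; consider returning the index (the prototype in ssl_util_ssl.h would change with it) and refusing to start when it is negative, e.g. `if (SSL_app_data2_idx < 0) return -1;` after the loop. `SSL_set_app_data2()` also discards the return value of `SSL_set_ex_data()`, so a failed store would only surface later as a NULL from `SSL_get_app_data2()`. The comment `/* we _do_ need to call this twice */` should say why, presumably because the first index handed out is 0, which OpenSSL's own `SSL_set_app_data()` already uses.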