From: Sander Striker Date: Sat, 27 Sep 2003 18:47:05 +0000 (+0000) Subject: Backport from 2.1. X-Git-Tag: 2.0.48~44 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4bc5ff739d4e25e999d98280e885d9a2912979c9;p=thirdparty%2Fapache%2Fhttpd.git Backport from 2.1. *) mod_ssl: Fix segfaults after renegotiation failure. PR 21370 [Hartmut Keil ] Reviewed by: Jeff Trawick, Joe Orton, Sander Striker git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/APACHE_2_0_BRANCH@101332 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index d8b7cca0720..19f4f148d89 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,8 @@ Changes with Apache 2.0.48 + *) mod_ssl: Fix segfaults after renegotiation failure. PR 21370 + [Hartmut Keil ] + *) mod_autoindex: If a directory contains a file listed in the DirectoryIndex directive, the folder icon is no longer replaced by the icon of that file. PR 9587. diff --git a/STATUS b/STATUS index 08ce875cb84..80eab2e17f0 100644 --- a/STATUS +++ b/STATUS @@ -1,5 +1,5 @@ APACHE 2.0 STATUS: -*-text-*- -Last modified at [$Date: 2003/09/27 18:34:56 $] +Last modified at [$Date: 2003/09/27 18:47:05 $] Release: @@ -233,11 +233,6 @@ PATCHES TO PORT FROM 2.1 nd replies: Sure. 1.53 fixes that. +1: fielding, nd, jerenkrantz, erikabele - * mod_ssl: Fix segfaults after renegotiation failure. PR 21370 - modules/ssl/ssl_engine_io.c: r1.110 - modules/ssl/ssl_engine_kernel.c: r1.196 - +1: trawick, jorton, striker - * More ab fixes; r1.129 fixes what looks like a trivial error in the SSL support; r1.130 adds some state-handling fixes related to ab's breakage in 2.0.47 diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c index 9daefee9c3b..89846954049 100644 --- a/modules/ssl/ssl_engine_io.c +++ b/modules/ssl/ssl_engine_io.c @@ -780,8 +780,7 @@ static apr_status_t ssl_filter_write(ap_filter_t *f, apr_size_t len) { ssl_filter_ctx_t *filter_ctx = f->ctx; - bio_filter_out_ctx_t *outctx = - (bio_filter_out_ctx_t *)(filter_ctx->pbioWrite->ptr); + bio_filter_out_ctx_t *outctx; int res; /* write SSL */ @@ -789,6 +788,7 @@ static apr_status_t ssl_filter_write(ap_filter_t *f, return APR_EGENERAL; } + outctx = (bio_filter_out_ctx_t *)filter_ctx->pbioWrite->ptr; res = SSL_write(filter_ctx->pssl, (unsigned char *)data, len); if (res < 0) { @@ -1003,6 +1003,11 @@ static apr_status_t ssl_filter_io_shutdown(ssl_filter_ctx_t *filter_ctx, sslconn->ssl = NULL; filter_ctx->pssl = NULL; /* so filters know we've been shutdown */ + if (abortive) { + /* prevent any further I/O */ + c->aborted = 1; + } + return APR_SUCCESS; } @@ -1275,8 +1280,7 @@ static apr_status_t ssl_io_filter_output(ap_filter_t *f, { apr_status_t status = APR_SUCCESS; ssl_filter_ctx_t *filter_ctx = f->ctx; - bio_filter_in_ctx_t *inctx = (bio_filter_in_ctx_t *) - (filter_ctx->pbioRead->ptr); + bio_filter_in_ctx_t *inctx; if (f->c->aborted) { apr_brigade_cleanup(bb); @@ -1288,6 +1292,7 @@ static apr_status_t ssl_io_filter_output(ap_filter_t *f, return ap_pass_brigade(f->next, bb); } + inctx = (bio_filter_in_ctx_t *)filter_ctx->pbioRead->ptr; /* When we are the writer, we must initialize the inctx * mode so that we block for any required ssl input, because * output filtering is always nonblocking. diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index 76154dcc768..3af0a890da3 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -696,6 +696,7 @@ int ssl_hook_Access(request_rec *r) ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, "Re-negotiation request failed"); + r->connection->aborted = 1; return HTTP_FORBIDDEN; } @@ -710,6 +711,7 @@ int ssl_hook_Access(request_rec *r) "Re-negotiation handshake failed: " "Not accepted by client!?"); + r->connection->aborted = 1; return HTTP_FORBIDDEN; } }