From: Doug MacEachern Date: Wed, 13 Mar 2002 06:41:46 +0000 (+0000) Subject: SSL_SESSION_id2sz() was NOT THREAD SAFE. it returned a pointer to a X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=776cd031c415715d475a65be3165b4db692bf394;p=thirdparty%2Fapache%2Fhttpd.git SSL_SESSION_id2sz() was NOT THREAD SAFE. it returned a pointer to a static variable. fixed. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93899 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/ssl_engine_kernel.c b/ssl_engine_kernel.c index 5ae11afc0d8..7c5e11dfd98 100644 --- a/ssl_engine_kernel.c +++ b/ssl_engine_kernel.c @@ -1606,11 +1606,14 @@ int ssl_callback_NewSessionCacheEntry(SSL *ssl, SSL_SESSION *session) * Log this cache operation */ if (sc->nLogLevel >= SSL_LOG_TRACE) { + char buf[SSL_SESSION_ID_STRING_LEN]; + ssl_log(s, SSL_LOG_TRACE, "Inter-Process Session Cache: " "request=SET status=%s id=%s timeout=%ds (session caching)", (rc == TRUE ? "OK" : "BAD"), - SSL_SESSION_id2sz(session_id, session_id_length), + SSL_SESSION_id2sz(session_id, session_id_length, + buf, sizeof(buf)), (timeout - time(NULL))); } @@ -1647,12 +1650,15 @@ SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *ssl, * Log this cache operation */ if (sc->nLogLevel >= SSL_LOG_TRACE) { + char buf[SSL_SESSION_ID_STRING_LEN]; const char *status = session ? "FOUND" : "MISSED"; const char *re = session ? "reuse" : "renewal"; ssl_log(s, SSL_LOG_TRACE, "Inter-Process Session Cache: " "request=GET status=%s id=%s (session %s)", - status, SSL_SESSION_id2sz(id, idlen), re); + status, + SSL_SESSION_id2sz(id, idlen, buf, sizeof(buf)), + re); } /* @@ -1701,9 +1707,11 @@ void ssl_callback_DelSessionCacheEntry(SSL_CTX *ctx, * Log this cache operation */ if (sc->nLogLevel >= SSL_LOG_TRACE) { + char buf[SSL_SESSION_ID_STRING_LEN]; ssl_log(s, SSL_LOG_TRACE, "Inter-Process Session Cache: " "request=REM status=OK id=%s (session dead)", - SSL_SESSION_id2sz(session_id, session_id_length)); + SSL_SESSION_id2sz(session_id, session_id_length, + buf, sizeof(buf))); } return; diff --git a/ssl_util_ssl.c b/ssl_util_ssl.c index b68ed6685e1..d3792a14e5b 100644 --- a/ssl_util_ssl.c +++ b/ssl_util_ssl.c @@ -535,15 +535,15 @@ int SSL_CTX_use_certificate_chain( ** _________________________________________________________________ */ -char *SSL_SESSION_id2sz(unsigned char *id, int idlen) +char *SSL_SESSION_id2sz(unsigned char *id, int idlen, + char *str, int strsize) { - static char str[(SSL_MAX_SSL_SESSION_ID_LENGTH+1)*2]; char *cp; int n; cp = str; for (n = 0; n < idlen && n < SSL_MAX_SSL_SESSION_ID_LENGTH; n++) { - apr_snprintf(cp, sizeof(str)-(cp-str), "%02X", id[n]); + apr_snprintf(cp, strsize - (cp-str), "%02X", id[n]); cp += 2; } *cp = NUL; diff --git a/ssl_util_ssl.h b/ssl_util_ssl.h index 150254de739..66686fe3918 100644 --- a/ssl_util_ssl.h +++ b/ssl_util_ssl.h @@ -80,6 +80,10 @@ */ #define SSL_SESSION_MAX_DER 1024*10 +/* max length for SSL_SESSION_id2sz */ +#define SSL_SESSION_ID_STRING_LEN \ + ((SSL_MAX_SSL_SESSION_ID_LENGTH + 1) * 2) + /* * Additional Functions */ @@ -100,6 +104,6 @@ BOOL SSL_load_CrtAndKeyInfo_file(apr_pool_t *, STACK_OF(X509_INFO) *, cha BOOL SSL_load_CrtAndKeyInfo_path(apr_pool_t *, STACK_OF(X509_INFO) *, char *); #endif /* SSL_EXPERIMENTAL_PROXY */ int SSL_CTX_use_certificate_chain(SSL_CTX *, char *, int, int (*)(char*,int,int,void*)); -char *SSL_SESSION_id2sz(unsigned char *, int); +char *SSL_SESSION_id2sz(unsigned char *, int, char *, int); #endif /* __SSL_UTIL_SSL_H__ */