From: Kaspar Brand Date: Wed, 9 Apr 2014 09:35:41 +0000 (+0000) Subject: Only read "active" values from the key_files array. PR 56306. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=91590d4cb6867f55afb9776b4940c3aeec041064;p=thirdparty%2Fapache%2Fhttpd.git Only read "active" values from the key_files array. PR 56306. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1585918 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 6d63e906a17..a6079bff91f 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,9 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.0 + *) mod_ssl: avoid processing bogus SSLCertificateKeyFile values + (and logging garbled file names). PR 56306. [Kaspar Brand] + *) mod_proxy_fcgi: Fix sending of response without some HTTP headers that might be set by filters. [Jim Riggs ] diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c index ab5fa5e51a3..cbc4a7433d0 100644 --- a/modules/ssl/ssl_engine_init.c +++ b/modules/ssl/ssl_engine_init.c @@ -914,9 +914,11 @@ static apr_status_t ssl_init_server_certs(server_rec *s, } /* and second, the private key */ - keyfile = APR_ARRAY_IDX(mctx->pks->key_files, i, const char *); - if (keyfile == NULL) + if (i < mctx->pks->key_files->nelts) { + keyfile = APR_ARRAY_IDX(mctx->pks->key_files, i, const char *); + } else { keyfile = certfile; + } ERR_clear_error();