From: Joe Orton Date: Thu, 10 Jan 2019 15:46:07 +0000 (+0000) Subject: * modules/ssl/ssl_engine_io.c (bio_filter_out_write, X-Git-Tag: 2.5.0-alpha2-ci-test-only~2219 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d2bc1ffcb821488e9c90fd6508364585dd4aa28b;p=thirdparty%2Fapache%2Fhttpd.git * modules/ssl/ssl_engine_io.c (bio_filter_out_write, bio_filter_in_read): Clear retry flags before aborting on client-initiated reneg. PR: 63052 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1850946 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c index 37e8314b7ca..210eaeef6f7 100644 --- a/modules/ssl/ssl_engine_io.c +++ b/modules/ssl/ssl_engine_io.c @@ -209,6 +209,8 @@ static int bio_filter_out_write(BIO *bio, const char *in, int inl) apr_bucket *e; int need_flush; + BIO_clear_retry_flags(bio); + /* Abort early if the client has initiated a renegotiation. */ if (outctx->filter_ctx->config->reneg_state == RENEG_ABORT) { outctx->rc = APR_ECONNABORTED; @@ -218,12 +220,6 @@ static int bio_filter_out_write(BIO *bio, const char *in, int inl) ap_log_cerror(APLOG_MARK, APLOG_TRACE6, 0, outctx->c, "bio_filter_out_write: %i bytes", inl); - /* when handshaking we'll have a small number of bytes. - * max size SSL will pass us here is about 16k. - * (16413 bytes to be exact) - */ - BIO_clear_retry_flags(bio); - /* Use a transient bucket for the output data - any downstream * filter must setaside if necessary. */ e = apr_bucket_transient_create(in, inl, outctx->bb->bucket_alloc); @@ -516,14 +512,14 @@ static int bio_filter_in_read(BIO *bio, char *in, int inlen) if (!in) return 0; + BIO_clear_retry_flags(bio); + /* Abort early if the client has initiated a renegotiation. */ if (inctx->filter_ctx->config->reneg_state == RENEG_ABORT) { inctx->rc = APR_ECONNABORTED; return -1; } - BIO_clear_retry_flags(bio); - if (!inctx->bb) { inctx->rc = APR_EOF; return -1;