From: Colm MacCarthaigh Date: Mon, 23 Jan 2006 19:57:18 +0000 (+0000) Subject: Merge r354394 from trunk: X-Git-Tag: 2.0.56~91 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ecc4e8296ac9c8b8288e98f3f0b3feaba27c53f3;p=thirdparty%2Fapache%2Fhttpd.git Merge r354394 from trunk: * modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Omit further access control checks if SSL is not in use regardless of vhost settings. Submitted by: rpluem, jorton git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@371643 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 3f65abc6168..741dd36384d 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,13 @@ -*- coding: utf-8 -*- Changes with Apache 2.0.56 + *) SECURITY: CVE-2005-3357 (cve.mitre.org) + mod_ssl: Fix a possible crash during access control checks if a + non-SSL request is processed for an SSL vhost (such as the + "HTTP request received on SSL port" error message when an 400 + ErrorDocument is configured, or if using "SSLEngine optional"). + PR 37791. [Rüdiger Plüm, Joe Orton] + *) Add ReceiveBufferSize directive to control the TCP receive buffer. [Eric Covener ] diff --git a/STATUS b/STATUS index 5e62acd5d6f..70283acfe95 100644 --- a/STATUS +++ b/STATUS @@ -165,14 +165,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK: http://issues.apache.org/bugzilla/attachment.cgi?id=16995 +1: rpluem, colm, trawick - *) mod_ssl: Fix PR37791 (CVEID: CAN-2005-3357) (SEGV if the client is - connection plain to a SSL enabled port) - Trunk version of patch: - http://svn.apache.org/viewcvs.cgi?rev=354394&view=rev - Backport version for 2.0.x of patch: - http://issues.apache.org/bugzilla/attachment.cgi?id=17393 - +1: rpluem, colm, trawick - PATCHES PROPOSED TO BACKPORT FROM TRUNK: [ please place SVN revisions from trunk here, so it is easy to identify exactly what the proposed changes are! Add all new diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index eeaf5ea6e99..5086e916307 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -202,11 +202,14 @@ int ssl_hook_Access(request_rec *r) } /* - * Check to see if SSL protocol is on + * Check to see whether SSL is in use; if it's not, then no + * further access control checks are relevant. (the test for + * sc->enabled is probably strictly unnecessary) */ - if (!(sc->enabled || ssl)) { + if (!sc->enabled || !ssl) { return DECLINED; } + /* * Support for per-directory reconfigured SSL connection parameters. *