From: Justin Erenkrantz <jerenkrantz@apache.org>
Date: Mon, 28 Jul 2003 02:02:25 +0000 (+0000)
Subject: Assure that we block on the read BIO when we invoke the read BIO for both
X-Git-Tag: 2.0.48~186
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fbb314b16cfa9994ef1497526c2b8bbef9909f0a;p=thirdparty%2Fapache%2Fhttpd.git

Assure that we block on the read BIO when we invoke the read BIO for both
first-use cases (via ssl_io_input_add_filter) and when we are writing and
need response from the client (via ssl_io_filter_output).  Both of these
cases are always blocking.

PR: 19242
Submitted by:   David Deaves <David.Deaves@dd.id.au>, William Rowe
Reviewed by:	Justin Erenkrantz, Jeff Trawick


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/APACHE_2_0_BRANCH@100805 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 7eb8c085ab2..3d1dad1d1ff 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,8 @@
 Changes with Apache 2.0.48
 
+  *) Assure that we block properly when reading input bodies with SSL.
+     PR 19242.  [David Deaves <David.Deaves@dd.id.au>, William Rowe]
+
   *) Update mime.types to include latest IANA and W3C types.  [Roy Fielding]
 
   *) mod_ext_filter: Set additional environment variables for use by
diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c
index cd3aaf0df71..9daefee9c3b 100644
--- a/modules/ssl/ssl_engine_io.c
+++ b/modules/ssl/ssl_engine_io.c
@@ -1275,6 +1275,8 @@ static apr_status_t ssl_io_filter_output(ap_filter_t *f,
 {
     apr_status_t status = APR_SUCCESS;
     ssl_filter_ctx_t *filter_ctx = f->ctx;
+    bio_filter_in_ctx_t *inctx = (bio_filter_in_ctx_t *)
+                                 (filter_ctx->pbioRead->ptr);
 
     if (f->c->aborted) {
         apr_brigade_cleanup(bb);
@@ -1286,6 +1288,13 @@ static apr_status_t ssl_io_filter_output(ap_filter_t *f,
         return ap_pass_brigade(f->next, bb);
     }
 
+    /* When we are the writer, we must initialize the inctx
+     * mode so that we block for any required ssl input, because
+     * output filtering is always nonblocking.
+     */
+    inctx->mode = AP_MODE_READBYTES;
+    inctx->block = APR_BLOCK_READ;
+
     if ((status = ssl_io_filter_connect(filter_ctx)) != APR_SUCCESS) {
         return ssl_io_filter_error(f, bb, status);
     }
@@ -1359,15 +1368,16 @@ static void ssl_io_input_add_filter(ssl_filter_ctx_t *filter_ctx, conn_rec *c,
     filter_ctx->pbioRead = BIO_new(&bio_filter_in_method);
     filter_ctx->pbioRead->ptr = (void *)inctx;
 
-    inctx->filter_ctx = filter_ctx;
     inctx->ssl = ssl;
     inctx->bio_out = filter_ctx->pbioWrite;
     inctx->f = filter_ctx->pInputFilter;
-    inctx->bb = apr_brigade_create(c->pool, c->bucket_alloc);
-
+    inctx->rc = APR_SUCCESS;
+    inctx->mode = AP_MODE_READBYTES;
     inctx->cbuf.length = 0;
-
+    inctx->bb = apr_brigade_create(c->pool, c->bucket_alloc);
+    inctx->block = APR_BLOCK_READ;
     inctx->pool = c->pool;
+    inctx->filter_ctx = filter_ctx;
 }
 
 void ssl_io_filter_init(conn_rec *c, SSL *ssl)