From f65853036badf9ba1d0c3876627d8db48f18cd8d Mon Sep 17 00:00:00 2001
From: Joe Orton
Date: Mon, 23 Aug 2004 14:59:52 +0000
Subject: [PATCH] Backport from HEAD:
* acinclude.m4: Pick up OpenSSL libs/cflags from pkg-config.
* modules/ssl/ssl_engine_io.c (ssl_io_input_read): Fix potential infinite loop in ssl_io_input_getline if connection is aborted without inctx->rc being set.
* modules/ssl/ssl_scache_shmcb.c (ssl_scache_shmcb_init): Use an anonymous shm segment by default or fall back on name-based shm.
PR: 18989, 21335, 29964
Submitted by: jerenkrantz, jorton
Reviewed by: jerenkrantz, trawick, jorton, nd, minfrin
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/APACHE_2_0_BRANCH@104768 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES | 8 ++++++++
 STATUS | 18 +----------------
 acinclude.m4 | 7 +++++++
 modules/ssl/ssl_engine_io.c | 4 ++++
 modules/ssl/ssl_scache_shmcb.c | 17 +++++++++++++----
 5 files changed, 33 insertions(+), 21 deletions(-)
diff --git a/CHANGES b/CHANGES
index b87f0952ce3..a109d3ec96c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,13 @@
 Changes with Apache 2.0.51
+ *) mod_ssl: Build on RHEL 3. PR 18989. [Justin Erenkrantz]
+
+ *) SECURITY: CAN-2004-0748 (cve.mitre.org)
+ mod_ssl: Fix a potential infinite loop. PR 29964. [Joe Orton]
+
+ *) mod_ssl: Avoid startup failure after unclean shutdown if using shmcb.
+ PR 18989. [Joe Orton]
+
 *) mod_userdir: Ensure that the userdir identity is used for suexec userdir access in a virtual host which has suexec configured. PR 18156. [Joshua Slive]
diff --git a/STATUS b/STATUS
index b341c58184c..9b84741f4da 100644
--- a/STATUS
+++ b/STATUS
@@ -1,5 +1,5 @@
 APACHE 2.0 STATUS: -*-text-*-
-Last modified at [$Date: 2004/08/20 21:17:39 $]
+Last modified at [$Date: 2004/08/23 14:59:51 $]
 Release: 
@@ -83,16 +83,6 @@ PATCHES TO BACKPORT FROM 2.1
 PR: 30134
 +1: jorton
- *) [SECURITY] mod_ssl: Fix potential infinite loop.
- http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_io.c?r1=1.124&r2=1.125
- PR: 29964
- +1: jorton, nd, jerenkrantz
-
- *) mod_ssl: Use anon shm in shmcb by default.
- http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_scache_shmcb.c?r1=1.23&r2=1.24
- PR: 21335
- +1: jorton, minfrin, nd
-
 *) apachectl: Fix a problem finding envvars if sbindir != bindir. PR 30723. [Friedrich Haubensak ]
 http://cvs.apache.org/viewcvs.cgi/httpd-2.0/support/apachectl.in?r1=1.22&r2=1.23
@@ -386,12 +376,6 @@ PATCHES TO BACKPORT FROM 2.1
 which integrates the two rounds of changes)
 +1 concept: trawick, nd
- * Work around RedHat bug 82359 (openssl requires pkg-config):
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=82369
- Patch (2.1 version already committed, 2.0 has diff OpenSSL config logic):
- http://www.apache.org/~jerenkrantz/httpd-openssl-pkgconfig.patch
- +1: jerenkrantz, trawick, jorton
-
 CURRENT RELEASE NOTES:
 * Backwards compatibility is expected of future Apache 2.0 releases,
diff --git a/acinclude.m4 b/acinclude.m4
index 0b8086e6cba..66bf6506de5 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -489,6 +489,13 @@ if test "x$ap_ssltk_base" = "x"; then
 fi
 fi
 APR_ADDTO(LIBS, [-lssl -lcrypto])
+ pkg-config openssl 2> /dev/null
+ if test $? -eq 0; then
+ ap_ssltk_incdep=`pkg-config --cflags-only-I openssl`
+ APR_ADDTO(INCLUDES, $ap_ssltk_incdep)
+ ap_ssltk_libdep=`pkg-config --libs openssl`
+ APR_ADDTO(LIBS, $ap_ssltk_libdep)
+ fi
 ap_cv_ssltk="$ap_ssltk_base"
 fi
 ])
diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c
index 1304f7f5a4d..ff8eb81b45f 100644
--- a/modules/ssl/ssl_engine_io.c
+++ b/modules/ssl/ssl_engine_io.c 
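Review bot: In the acinclude.m4 hunk, the added `pkg-config openssl` lookup is not tied to the toolkit located through `$ap_ssltk_base`, so the include and library flags it returns may describe a different OpenSSL install than the one the surrounding checks selected, and mod_ssl could then compile against one set of headers and link another. The enclosing block starts outside the hunk, so whether an explicit base was given at this point cannot be confirmed from here; if one can be, the lookup should be skipped or restricted to that prefix. A comment such as `dnl pkg-config supplies the extra -I/-l flags OpenSSL needs on some platforms (PR 18989)` would record why the block exists. `pkg-config --libs` can also emit `-L` options, which end up in LIBS here rather than LDFLAGS.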
@@ -587,6 +587,10 @@ static apr_status_t ssl_io_input_read(bio_filter_in_ctx_t *inctx,
 while (1) {
 if (!inctx->filter_ctx->pssl) {
+ /* Ensure a non-zero error code is returned */
+ if (inctx->rc == APR_SUCCESS) {
+ inctx->rc = APR_EGENERAL;
+ }
 break;
 }
diff --git a/modules/ssl/ssl_scache_shmcb.c b/modules/ssl/ssl_scache_shmcb.c
index 06c1ed0873f..3ed4569dc53 100644
--- a/modules/ssl/ssl_scache_shmcb.c
+++ b/modules/ssl/ssl_scache_shmcb.c
@@ -339,10 +339,19 @@ void ssl_scache_shmcb_init(server_rec *s, apr_pool_t *p)
 ssl_die();
 }
- if ((rv = apr_shm_create(&(mc->pSessionCacheDataMM),
- mc->nSessionCacheDataSize,
- mc->szSessionCacheDataFile,
- mc->pPool)) != APR_SUCCESS) {
+ /* Use anonymous shm by default, fall back on name-based. */
+ rv = apr_shm_create(&(mc->pSessionCacheDataMM),
+ mc->nSessionCacheDataSize,
+ NULL, mc->pPool);
+
+ if (APR_STATUS_IS_ENOTIMPL(rv)) {
+ rv = apr_shm_create(&(mc->pSessionCacheDataMM),
+ mc->nSessionCacheDataSize,
+ mc->szSessionCacheDataFile,
+ mc->pPool);
+ }
+
+ if (rv != APR_SUCCESS) {
 char buf[100];
 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
 "Cannot allocate shared memory: (%d)%s", rv,
--
2.47.2
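Review bot: The new comment in ssl_io_input_read says what the assignment does but not why this exit needs it; going by the commit message, ssl_io_input_getline keeps looping when the connection is aborted and `inctx->rc` is still APR_SUCCESS. I would spell that out, e.g. `/* SSL is gone (connection aborted): the getline caller appears to loop while rc is APR_SUCCESS, so make sure it sees an error. */`. The loop body continues outside the hunk, so it is not visible whether other exits from `while (1)` can also leave `inctx->rc == APR_SUCCESS` with nothing read; if they can, the same guard belongs there. `APR_ECONNABORTED` may describe the condition more precisely than `APR_EGENERAL`, provided no caller depends on the generic code.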
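Review bot: In the ssl_scache_shmcb_init hunk the name-based fallback is taken silently and only for `APR_STATUS_IS_ENOTIMPL(rv)`, and the error message that follows does not say which of the two create calls failed. Since the name-based segment keeps the SSL session cache reachable through `mc->szSessionCacheDataFile`, operators should be able to see when it is in use; inside the fallback branch I would add `ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "anonymous shm not implemented, using %s", mc->szSessionCacheDataFile);`. The comment could also state why anonymous is preferred, which per the CHANGES entry is that no stale file survives an unclean shutdown to break the next startup. The function continues outside the hunk.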