Posted to cvs@httpd.apache.org by jo...@apache.org on 2005/12/06 11:21:46 UTC

svn commit: r354394 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_kernel.c

Author: jorton
Date: Tue Dec  6 02:21:41 2005
New Revision: 354394

URL: http://svn.apache.org/viewcvs?rev=354394&view=rev
Log:
* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Omit further
access control checks if SSL is not in use regardless of vhost
settings.

Submitted by: Rüdiger Plüm, Joe Orton
PR: 37791

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/CHANGES?rev=354394&r1=354393&r2=354394&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Tue Dec  6 02:21:41 2005
@@ -2,6 +2,12 @@
 Changes with Apache 2.3.0
   [Remove entries to the current 2.0 and 2.2 section below, when backported]
 
+  *) mod_ssl: Fix a possible crash during access control checks if a
+     non-SSL request is processed for an SSL vhost (such as the
+     "HTTP request received on SSL port" error message when an 400 
+     ErrorDocument is configured, or if using "SSLEngine optional").
+     PR 37791.  [Rüdiger Plüm, Joe Orton]
+
   *) mod_proxy_balancer: Sticky session identifiers supplied in URL do not work.
      PR37753. [Ruediger Pluem, Kazuhiro Osawa <ko yappo.ne.jp>]
 

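Review bot: In the added CHANGES entry, "when an 400 ErrorDocument" should read "when a 400 ErrorDocument", and that line carries a trailing space after "400". The entry credits "Rüdiger Plüm" while the mod_proxy_balancer entry directly below spells the name "Ruediger Pluem"; use one spelling so the file stays searchable by contributor.
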
Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c?rev=354394&r1=354393&r2=354394&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c Tue Dec  6 02:21:41 2005
@@ -202,11 +202,14 @@
     }
 
     /*
-     * Check to see if SSL protocol is on
+     * Check to see whether SSL is in use; if it's not, then no
+     * further access control checks are relevant.  (the test for
+     * sc->enabled is probably strictly unnecessary)
      */
-    if (!((sc->enabled == SSL_ENABLED_TRUE) || (sc->enabled == SSL_ENABLED_OPTIONAL) || ssl)) {
+    if (sc->enabled == SSL_ENABLED_FALSE || !ssl) {
         return DECLINED;
     }
+
     /*
      * Support for per-directory reconfigured SSL connection parameters.
      *
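
Review bot: The comment above the new test calls the `sc->enabled == SSL_ENABLED_FALSE` half "probably strictly unnecessary"; since `!ssl` alone already returns DECLINED for every non-SSL request, either reduce the condition to `if (!ssl)` or replace the hedge with the concrete case the extra test guards against. The early return now skips everything below it, including the per-directory handling that follows, for plain-HTTP requests on an SSL-enabled vhost. The comment should therefore also say that any check intended to reject non-SSL requests must sit above this point, because the hunk does not show whether one does.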