Posted to cvs@httpd.apache.org by st...@apache.org on 2003/09/27 20:47:06 UTC
cvs commit: httpd-2.0/modules/ssl ssl_engine_io.c ssl_engine_kernel.c
striker 2003/09/27 11:47:06
Modified: . Tag: APACHE_2_0_BRANCH CHANGES STATUS
modules/ssl Tag: APACHE_2_0_BRANCH ssl_engine_io.c
ssl_engine_kernel.c
Log:
Backport from 2.1.
*) mod_ssl: Fix segfaults after renegotiation failure. PR 21370
[Hartmut Keil <Ha...@adnovum.ch>]
Reviewed by: Jeff Trawick, Joe Orton, Sander Striker
Revision Changes Path
No revision
No revision
1.988.2.162 +3 -0 httpd-2.0/CHANGES
Index: CHANGES
===================================================================
RCS file: /home/cvs/httpd-2.0/CHANGES,v
retrieving revision 1.988.2.161
retrieving revision 1.988.2.162
diff -u -r1.988.2.161 -r1.988.2.162
--- CHANGES 27 Sep 2003 18:34:55 -0000 1.988.2.161
+++ CHANGES 27 Sep 2003 18:47:05 -0000 1.988.2.162
@@ -1,5 +1,8 @@
Changes with Apache 2.0.48
+ *) mod_ssl: Fix segfaults after renegotiation failure. PR 21370
+ [Hartmut Keil <Ha...@adnovum.ch>]
+
*) mod_autoindex: If a directory contains a file listed in the
DirectoryIndex directive, the folder icon is no longer replaced
by the icon of that file. PR 9587.
1.751.2.488 +1 -6 httpd-2.0/STATUS
Index: STATUS
===================================================================
RCS file: /home/cvs/httpd-2.0/STATUS,v
retrieving revision 1.751.2.487
retrieving revision 1.751.2.488
diff -u -r1.751.2.487 -r1.751.2.488
--- STATUS 27 Sep 2003 18:34:56 -0000 1.751.2.487
+++ STATUS 27 Sep 2003 18:47:05 -0000 1.751.2.488
@@ -233,11 +233,6 @@
nd replies: Sure. 1.53 fixes that.
+1: fielding, nd, jerenkrantz, erikabele
- * mod_ssl: Fix segfaults after renegotiation failure. PR 21370
- modules/ssl/ssl_engine_io.c: r1.110
- modules/ssl/ssl_engine_kernel.c: r1.196
- +1: trawick, jorton, striker
-
* More ab fixes; r1.129 fixes what looks like a trivial error in the
SSL support; r1.130 adds some state-handling fixes related to
ab's breakage in 2.0.47
No revision
No revision
1.100.2.6 +9 -4 httpd-2.0/modules/ssl/ssl_engine_io.c
Index: ssl_engine_io.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_io.c,v
retrieving revision 1.100.2.5
retrieving revision 1.100.2.6
diff -u -r1.100.2.5 -r1.100.2.6
--- ssl_engine_io.c 28 Jul 2003 02:02:24 -0000 1.100.2.5
+++ ssl_engine_io.c 27 Sep 2003 18:47:05 -0000 1.100.2.6
@@ -780,8 +780,7 @@
apr_size_t len)
{
ssl_filter_ctx_t *filter_ctx = f->ctx;
- bio_filter_out_ctx_t *outctx =
- (bio_filter_out_ctx_t *)(filter_ctx->pbioWrite->ptr);
+ bio_filter_out_ctx_t *outctx;
int res;
/* write SSL */
@@ -789,6 +788,7 @@
return APR_EGENERAL;
}
+ outctx = (bio_filter_out_ctx_t *)filter_ctx->pbioWrite->ptr;
res = SSL_write(filter_ctx->pssl, (unsigned char *)data, len);
if (res < 0) {
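Review bot: The deferred `outctx` assignment is only safe because it sits below the early `return APR_EGENERAL`, and nothing in the code records that ordering requirement. The guard itself is outside the hunk, but it presumably tests `filter_ctx->pssl`, which the shutdown path sets to NULL; the old code read `filter_ctx->pbioWrite->ptr` before that guard. I would add a comment on the assignment, such as `/* pbioWrite may be gone once pssl is NULL; keep this below the shutdown check */`, so a later cleanup does not hoist it back into the declaration. The same comment belongs on the `inctx` assignment in the hunk at -1288. The function body starts and ends outside this hunk.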
@@ -1003,6 +1003,11 @@
sslconn->ssl = NULL;
filter_ctx->pssl = NULL; /* so filters know we've been shutdown */
+ if (abortive) {
+ /* prevent any further I/O */
+ c->aborted = 1;
+ }
+
return APR_SUCCESS;
}
@@ -1275,8 +1280,7 @@
{
apr_status_t status = APR_SUCCESS;
ssl_filter_ctx_t *filter_ctx = f->ctx;
- bio_filter_in_ctx_t *inctx = (bio_filter_in_ctx_t *)
- (filter_ctx->pbioRead->ptr);
+ bio_filter_in_ctx_t *inctx;
if (f->c->aborted) {
apr_brigade_cleanup(bb);
@@ -1288,6 +1292,7 @@
return ap_pass_brigade(f->next, bb);
}
+ inctx = (bio_filter_in_ctx_t *)filter_ctx->pbioRead->ptr;
/* When we are the writer, we must initialize the inctx
* mode so that we block for any required ssl input, because
* output filtering is always nonblocking.
1.82.2.9 +2 -0 httpd-2.0/modules/ssl/ssl_engine_kernel.c
Index: ssl_engine_kernel.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_kernel.c,v
retrieving revision 1.82.2.8
retrieving revision 1.82.2.9
diff -u -r1.82.2.8 -r1.82.2.9
--- ssl_engine_kernel.c 8 Aug 2003 09:37:54 -0000 1.82.2.8
+++ ssl_engine_kernel.c 27 Sep 2003 18:47:05 -0000 1.82.2.9
@@ -696,6 +696,7 @@
ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
"Re-negotiation request failed");
+ r->connection->aborted = 1;
return HTTP_FORBIDDEN;
}
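Review bot: Setting `r->connection->aborted = 1` right before `return HTTP_FORBIDDEN` means the 403 response will most likely never reach the client, because the SSL output filter in ssl_engine_io.c appears to clean up the brigade as soon as `f->c->aborted` is set. Dropping the connection is the fail-closed outcome after a failed renegotiation, but that interaction is not obvious from this line. A short comment would record the intent, e.g. `/* renegotiation failed: mark the connection aborted so no filter touches the SSL state again */`. The same applies to the second assignment in the hunk at -710. The enclosing function starts and ends outside the hunk.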
@@ -710,6 +711,7 @@
"Re-negotiation handshake failed: "
"Not accepted by client!?");
+ r->connection->aborted = 1;
return HTTP_FORBIDDEN;
}
}