You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by jo...@apache.org on 2004/11/01 23:53:36 UTC
cvs commit: httpd-2.0/modules/ssl ssl_engine_kernel.c
jorton 2004/11/01 14:53:36
Modified: modules/ssl ssl_engine_kernel.c
Log:
* modules/ssl/ssl_engine_kernel.c (ssl_hook_UserCheck): Fix possible
NULL pointer dereference in some configurations.
PR: 31848
Revision Changes Path
1.112 +2 -1 httpd-2.0/modules/ssl/ssl_engine_kernel.c
Index: ssl_engine_kernel.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_kernel.c,v
retrieving revision 1.111
retrieving revision 1.112
diff -d -w -u -r1.111 -r1.112
--- ssl_engine_kernel.c 8 Oct 2004 11:59:33 -0000 1.111
+++ ssl_engine_kernel.c 1 Nov 2004 22:53:36 -0000 1.112
@@ -874,7 +874,8 @@
* - ssl not enabled
* - client did not present a certificate
*/
- if (!((sc->enabled == SSL_ENABLED_TRUE || sc->enabled == SSL_ENABLED_OPTIONAL) && sslconn->ssl && sslconn->client_cert) ||
+ if (!((sc->enabled == SSL_ENABLED_TRUE || sc->enabled == SSL_ENABLED_OPTIONAL)
+ && sslconn && sslconn->ssl && sslconn->client_cert) ||
!(dc->nOptions & SSL_OPT_FAKEBASICAUTH) || r->user)
{
return DECLINED;