Posted to bugs@httpd.apache.org by bu...@apache.org on 2005/12/05 17:04:53 UTC
DO NOT REPLY [Bug 37791] New: - SEGV if the client is connection plain to a SSL enabled port
http://issues.apache.org/bugzilla/show_bug.cgi?id=37791
Summary: SEGV if the client is connection plain to a SSL enabled port
Product: Apache httpd-2
Version: 2.3-HEAD
Platform: Other
OS/Version: other
Status: NEW
Severity: major
Priority: P2
Component: mod_ssl
AssignedTo: bugs@httpd.apache.org
ReportedBy: Hartmut.Keil@adnovum.ch
Consider the following configuration:
    ErrorDocument 400 /server_error.html
    Listen some.server.com:443
    <VirtualHost some.server.com:443>
      ServerName some.server.com:443
      SSLEngine On
      SSLProtocol +TLSv1 +SSLv3
      SSLCipherSuite !EXPORT56:RC4-MD5:DES-CBC3-SHA:EXP-RC4-MD5
      SSLOptions +OptRenegotiate +StdEnvVars
      SSLCertificateFile server-cert.pem
      <Location / >
        SSLCipherSuite DES-CBC3-SHA
      </Location>
    </VirtualHost>
If a client is connecting plain to the SSL port, the server cores with the
following stack (debug build on Solaris):
dummy_worker(opaque = 0x156088)
worker_thread(thd = 0x156088, dummy = 0x22b020)
process_socket(p = 0x23a4a8, sock = 0x23a4e0, my_child_num = 0, my_thread_num = 9, bucket_alloc = 0x23c4b0)
ap_process_connection(c = 0x23a5d0, csd = 0x23a4e0)
ap_run_process_connection(0x23a5d0, 0x23a4e0, 0x23a4e0, 0x9, 0x23a5c8, 0x23c4b0)
ap_process_http_connection(c = 0x23a5d0)
ap_read_request(conn = 0x23a5d0)
ap_die(type = 400, r = 0x244500)
ap_internal_redirect(new_uri = 0x150410 "/server_error.html", r = 0x244500)
ap_process_request_internal(r = 0x245388)
ap_run_access_checker(0x245388, 0xfee9630c, 0x245c92, 0xffffffff, 0xfffffff8, 0x245510)
ssl_hook_Access(r = 0x245388)
SSL_get_current_cipher(s = (nil))
The problem is that, through ap_internal_redirect, ssl_hook_Access(..)
will now be called, and that method does not handle the case ssl == NULL.
Fix:
do not run the access-checker-hooks for the error handling
Config workaround:
Also configure 'SSLRequire' if you configure 'SSLCipherSuite'
for any location.
We tested the described behaviour with apache/2.0.53 and apache/2.1.9
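The failure described in this report, as an added example that is not part of the original message and is not httpd's own code: a small C model of the error path in which the access checker guards against a missing TLS session before asking for the current cipher. The types, the function names and the fail-closed policy for ssl == NULL are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for illustration; not httpd's or OpenSSL's real types. */
typedef struct { const char *cipher; } tls_session;        /* plays the role of SSL* */
typedef struct { tls_session *ssl; } connection;            /* ssl == NULL: no TLS handshake */
typedef struct { connection *conn; const char *required_cipher; } request;

enum { DECLINED = -1, OK = 0, FORBIDDEN = 403 };
/* Like SSL_get_current_cipher(), this dereferences the session it is given. */
static const char *current_cipher(const tls_session *s) { return s->cipher; }

/* Access checker for a location with a per-location cipher requirement. */
int access_checker(const request *r)
{
    if (r->required_cipher == NULL)
        return DECLINED;                 /* nothing configured for this location */
    if (r->conn->ssl == NULL)
        return FORBIDDEN;                /* the guard: no session, so fail closed */
    return strcmp(current_cipher(r->conn->ssl), r->required_cipher) == 0
        ? OK : FORBIDDEN;                /* a real server would renegotiate instead */
}

/* Error path: the internal redirect to the error document runs the access
 * checker again. Returns 1 if the custom document may be served, else 0. */
int error_document_allowed(connection *c, const char *required_cipher)
{
    request sub = { c, required_cipher };
    int rc = access_checker(&sub);
    return rc == OK || rc == DECLINED;
}

/* Constructed cases: plain-text client vs. client with an established session. */
int plain_client_case(void)
{
    connection plain = { NULL };
    return error_document_allowed(&plain, "DES-CBC3-SHA");
}
int tls_client_case(void)
{
    tls_session s = { "DES-CBC3-SHA" };
    connection c = { &s };
    return error_document_allowed(&c, "DES-CBC3-SHA");
}

int main(void)
{
    printf("plain client: %d, TLS client: %d\n", plain_client_case(), tls_client_case());
    return 0;
}
```

Without the `r->conn->ssl == NULL` check, the plain-client case reaches `current_cipher()` with a null pointer, which is the dereference shown at the bottom of the reported stack.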