apr-dev mailing list archives

From "Chad Fox" <c...@gigapogo.com>
Subject [PATCH] seg fault in apr_ssl_openssl.c
Date Tue, 13 Feb 2007 15:39:44 GMT

In the event that SSL_accept fails, openssl_get_error is called with
newSock passed as the apr_ssl_socket_t argument.  openssl_get_error
expects to be able to access the element sslData->ssl of that structure,
which hasn't been initialized.  This can result in a seg fault if the
accept fails.  Moving the population of the structure before the
SSL_accept.

-START PATCH-------------------------------------------------------

Index: ssl/apr_ssl_openssl.c
===================================================================
--- ssl/apr_ssl_openssl.c       (revision 507043)
+++ ssl/apr_ssl_openssl.c       (working copy)
@@ -200,14 +200,15 @@
         return -1;
     SSL_set_fd(sslData->ssl, fd);

+    newSock->pool = pool;
+    newSock->sslData = sslData;
+    newSock->factory = oldSock->factory;
+
     if ((sslOp = SSL_accept(sslData->ssl)) != 1) {
         openssl_get_error(newSock, sslOp);
         return -1;
     }

-    newSock->pool = pool;
-    newSock->sslData = sslData;
-    newSock->factory = oldSock->factory;
     return APR_SUCCESS;
 }
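
Review bot: On the SSL_accept failure branch, newSock is now left fully populated (pool, sslData, factory) when the function returns -1, and nothing in the visible lines releases sslData->ssl or clears newSock->sslData afterwards. Either reset newSock->sslData (and release the SSL object, if the pool does not already own it) after openssl_get_error(newSock, sslOp), or add a comment stating that the caller must treat newSock as unusable and is responsible for cleanup when -1 is returned. Separately, both failure paths return -1 while success returns APR_SUCCESS; returning an apr_status_t error code on failure would keep the return contract consistent.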

-END PATCH---------------------------------------------------------

Chad Fox
chad@gigapogo.com



