httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 20852] New: - ssl_var_lookup needs to check for sslconn
Date Wed, 18 Jun 2003 05:25:47 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20852>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20852

ssl_var_lookup needs to check for sslconn

           Summary: ssl_var_lookup needs to check for sslconn
           Product: Apache httpd-2.0
           Version: 2.0.46
          Platform: All
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: mod_ssl
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: martin@v.loewis.de


When invoking ssl_var_lookup through APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup),
it crashes when the connection is not an SSL connection, and the variable is
"SSL_CLIENT_S_DN". In that case, ssl_var_lookup_ssl retrieves myConnConfig(c),
which returns NULL, and then accesses ssl = sslconn->ssl; which crashes.

There is apparently no way for the caller to find out whether the current
connection is an SSL connection (e.g. querying for "HTTPS" causes the same
crash). Therefore, I think mod_ssl should handle such calls gracefully,
returning NULL if an SSL_ variable is requested but no SSL connection is
established.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message