httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 29690] - allocator_free() crashes because of NULL-Pointer inside SSL_smart_shutdown()
Date Sat, 19 Jun 2004 23:26:39 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=29690>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=29690

allocator_free() crashes because of NULL-Pointer inside SSL_smart_shutdown()





------- Additional Comments From cra@gedas.de  2004-06-19 23:26 -------
Possible workaround found: Make SSL shutdown a quiet one. 
Changed ssl_util_ssl.c, added 'ssl->quiet_shutdown = 1;' before OpenSSL's 
SSL_shutdown() is called:

int SSL_smart_shutdown(SSL *ssl)
{
    int i;
    int rc;

    /*
     * Repeat the calls, because SSL_shutdown internally dispatches through a
     * little state machine. Usually only one or two iterations should be
     * needed, so we restrict the total number of iterations in order to
     * avoid process hangs in case the client played bad with the socket
     * connection and OpenSSL cannot recognize it.
     */
    rc = 0;
    /* Workaround: quiet shutdown, SSL_shutdown() sends no close_notify alert */
    ssl->quiet_shutdown = 1;
    for (i = 0; i < 4 /* max 2x pending + 2x data = 4 */; i++) {
        if ((rc = SSL_shutdown(ssl)))
            break;
    }
    return rc;
}

This removes the error completely; however, I am not 100% sure about security 
issues (when does the client not get an abort notification, and when is that 
dangerous?).

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
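
Added example, not part of the original message or of mod_ssl's code: with quiet shutdown the server sends no close_notify alert, so a client that reaches EOF can only use HTTP's own framing to tell a complete response from a cut-off one. The names classify_eof, find_header, chunked_done and the verdict enum are hypothetical, and the response is assumed to be a NUL-terminated text buffer.

```c
#include <stdlib.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX) */
/* Added illustration; every name in this block is hypothetical. */
enum eof_verdict { EOF_COMPLETE, EOF_TRUNCATED, EOF_UNVERIFIABLE };

/* Pointer just past "Name:" if some header line starts with it, else NULL. */
static const char *find_header(const char *p, const char *end, const char *name)
{
    size_t n = strlen(name);
    while (p && p < end) {
        if (strncasecmp(p, name, n) == 0) return p + n;
        p = memchr(p, '\n', (size_t)(end - p));
        if (p) p++;
    }
    return NULL;
}

/* Walk the chunks; 1 only if the zero-size last chunk and final CRLF arrived. */
static int chunked_done(const char *b, const char *end)
{
    while (b < end) {
        char *q;
        unsigned long sz = strtoul(b, &q, 16);
        const char *nl = memchr(q, '\n', (size_t)(end - q));
        if (q == b || !nl) return 0;
        if (sz == 0) return end - nl > 2 && memcmp(nl + 1, "\r\n", 2) == 0;
        if (sz > (size_t)(end - nl) || (size_t)(end - nl) - sz < 3) return 0;
        b = nl + 1 + sz + 2;
    }
    return 0;
}

/* resp must be NUL-terminated at resp[len]; got_close_notify tells whether the
 * peer's TLS close_notify alert was seen before the connection closed. */
enum eof_verdict classify_eof(const char *resp, size_t len, int got_close_notify)
{
    const char *body = strstr(resp, "\r\n\r\n"), *v;
    if (!body) return EOF_TRUNCATED;               /* header block cut off */
    body += 4;
    if ((v = find_header(resp, body, "Content-Length:")) != NULL)
        return (size_t)(resp + len - body) >= strtoul(v, NULL, 10)
               ? EOF_COMPLETE : EOF_TRUNCATED;
    v = find_header(resp, body, "Transfer-Encoding:");
    while (v && *v == ' ') v++;
    if (v && strncasecmp(v, "chunked", 7) == 0)    /* trailers not handled */
        return chunked_done(body, resp + len) ? EOF_COMPLETE : EOF_TRUNCATED;
    /* Close-delimited body: only close_notify marks the real end. */
    return got_close_notify ? EOF_COMPLETE : EOF_UNVERIFIABLE;
}
```

A close-delimited response read without close_notify comes back as EOF_UNVERIFIABLE, which is the case a quiet shutdown leaves the client in; length-framed and chunked responses stay checkable either way.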

