httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 29964] New: - non-terminating i/o
Date Wed, 07 Jul 2004 23:50:52 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=29964>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=29964

non-terminating i/o

           Summary: non-terminating i/o
           Product: Apache httpd-2.0
           Version: 2.0.48
          Platform: All
        OS/Version: Other
            Status: NEW
          Severity: Critical
          Priority: Other
         Component: mod_ssl
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: fwai@rsasecurity.com


I'm seeing a non-terminating loop in ssl_io_input_getline().

We used a 3rd party tool to send a request to our Apache server. The tool tried 
to present an expired certificate to a SSL enabled vhost and Apache correctly 
refused the correction. But, it set Apache to spin out of control.

I'm a complete outsider of the Apache/mod_ssl code. But this is what I found. 
As mentioned, Apache did shutdown the filter's SSL connection. However, it 
continued to read in GETLINE/blocking mode the rest of the request. Here comes 
the problem. ssl_io_input_getline() calls ssl_io_input_read() to read to a LF 
or the max. of the buffer can handle, whichever comes first. But, 
ssl_io_input_read() realizes the filter's SSL connection has been shutdown, it 
returns with the last known status of the BIO which was created to read from 
this SSL connection. It also set the returned length to 0. Unfortunately, the 
caller get APR_SUCCESS return code and because the returned length is 0, the 
remaining buffer length does not get changed at all. 

Because the return code is always APR_SUCCESS and because the returned length 
is always 0 and the buffer is not full, ssl_io_input_getline() keeps calling 
ssl_io_input_read(). It goes on forever!

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message