Return-Path: Delivered-To: apmail-httpd-bugs-archive@www.apache.org Received: (qmail 24863 invoked from network); 7 Jul 2004 23:49:42 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur-2.apache.org with SMTP; 7 Jul 2004 23:49:42 -0000 Received: (qmail 13587 invoked by uid 500); 7 Jul 2004 23:49:52 -0000 Delivered-To: apmail-httpd-bugs-archive@httpd.apache.org Received: (qmail 13374 invoked by uid 500); 7 Jul 2004 23:49:51 -0000 Mailing-List: contact bugs-help@httpd.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: Reply-To: "Apache HTTPD Bugs Notification List" Delivered-To: mailing list bugs@httpd.apache.org Received: (qmail 13359 invoked by uid 99); 7 Jul 2004 23:49:51 -0000 X-ASF-Spam-Status: No, hits=0.6 required=10.0 tests=NO_REAL_NAME X-Spam-Check-By: apache.org Received: from [192.18.33.10] (HELO exchange.sun.com) (192.18.33.10) by apache.org (qpsmtpd/0.27.1) with SMTP; Wed, 07 Jul 2004 16:49:48 -0700 Received: (qmail 18769 invoked by uid 50); 7 Jul 2004 23:50:52 -0000 Date: 7 Jul 2004 23:50:52 -0000 Message-ID: <20040707235052.18768.qmail@nagoya.betaversion.org> From: bugzilla@apache.org To: bugs@httpd.apache.org Cc: Subject: DO NOT REPLY [Bug 29964] New: - non-terminating i/o X-Virus-Checked: Checked X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=29964 non-terminating i/o Summary: non-terminating i/o Product: Apache httpd-2.0 Version: 2.0.48 Platform: All OS/Version: Other Status: NEW Severity: Critical Priority: Other Component: mod_ssl AssignedTo: bugs@httpd.apache.org ReportedBy: fwai@rsasecurity.com I'm seeing a non-terminating loop in ssl_io_input_getline(). We used a 3rd party tool to send a request to our Apache server. The tool tried to present an expired certificate to a SSL enabled vhost and Apache correctly refused the correction. But, it set Apache to spin out of control. I'm a complete outsider of the Apache/mod_ssl code. But this is what I found. As mentioned, Apache did shutdown the filter's SSL connection. However, it continued to read in GETLINE/blocking mode the rest of the request. Here comes the problem. ssl_io_input_getline() calls ssl_io_input_read() to read to a LF or the max. of the buffer can handle, whichever comes first. But, ssl_io_input_read() realizes the filter's SSL connection has been shutdown, it returns with the last known status of the BIO which was created to read from this SSL connection. It also set the returned length to 0. Unfortunately, the caller get APR_SUCCESS return code and because the returned length is 0, the remaining buffer length does not get changed at all. Because the return code is always APR_SUCCESS and because the returned length is always 0 and the buffer is not full, ssl_io_input_getline() keeps calling ssl_io_input_read(). It goes on forever! --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org For additional commands, e-mail: bugs-help@httpd.apache.org