httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jor...@apache.org
Subject cvs commit: httpd-2.0/modules/ssl ssl_engine_io.c
Date Sun, 07 Mar 2004 22:03:16 GMT
jorton      2004/03/07 14:03:16

  Modified:    .        Tag: APACHE_2_0_BRANCH CHANGES STATUS
               modules/ssl Tag: APACHE_2_0_BRANCH ssl_engine_io.c
  Log:
  * modules/ssl/ssl_engine_io.c (ssl_io_filter_disable): Don't leak an
  SSL structure for each plain-HTTP-on-SSL-port request.
  
  PR: 27106
  Reviewed by: Jeff Trawick, Justin Erenkrantz
  
  Revision  Changes    Path
  No                   revision
  No                   revision
  1.988.2.248 +4 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.988.2.247
  retrieving revision 1.988.2.248
  diff -w -d -u -r1.988.2.247 -r1.988.2.248
  --- CHANGES	6 Mar 2004 17:54:27 -0000	1.988.2.247
  +++ CHANGES	7 Mar 2004 22:03:15 -0000	1.988.2.248
  @@ -1,5 +1,9 @@
   Changes with Apache 2.0.49
   
  +  *) SECURITY: CAN-2004-0113 (cve.mitre.org)
  +     mod_ssl: Fix a memory leak in plain-HTTP-on-SSL-port handling.
  +     PR 27106.  [Joe Orton]
  +
     *) mod_ssl: Fix bug in passphrase handling which could cause spurious
        failures in SSL functions later.  PR 21160.  [Joe Orton]
   
  
  
  
  1.751.2.728 +1 -7      httpd-2.0/STATUS
  
  Index: STATUS
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/STATUS,v
  retrieving revision 1.751.2.727
  retrieving revision 1.751.2.728
  diff -w -d -u -r1.751.2.727 -r1.751.2.728
  --- STATUS	6 Mar 2004 18:35:44 -0000	1.751.2.727
  +++ STATUS	7 Mar 2004 22:03:15 -0000	1.751.2.728
  @@ -103,12 +103,6 @@
         +1: madhum, jerenkrantz, jorton
         (jorton: needs libhttpd.dsp change for Win32 too)
   
  -    * mod_ssl: Fix nasty memory leak for each plain-HTTP-on-SSL-port request.
  -      PR: 27106
  -      http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_io.c?r1=1.117&r2=1.118
  -      http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_io.c?r1=1.120&r2=1.121
     
  -      +1: jorton, trawick, jerenkrantz
  -
       * mod_setenvif: remove support for remote_user variable which never
         worked at all. PR 25725 (2.0 + 1.3)
           modules/metadata/mod_setenvif.c: r1.50
  
  
  
  No                   revision
  No                   revision
  1.100.2.12 +4 -2      httpd-2.0/modules/ssl/ssl_engine_io.c
  
  Index: ssl_engine_io.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_io.c,v
  retrieving revision 1.100.2.11
  retrieving revision 1.100.2.12
  diff -w -d -u -r1.100.2.11 -r1.100.2.12
  --- ssl_engine_io.c	9 Feb 2004 20:53:20 -0000	1.100.2.11
  +++ ssl_engine_io.c	7 Mar 2004 22:03:16 -0000	1.100.2.12
  @@ -821,9 +821,11 @@
                                  sizeof(HTTP_ON_HTTPS_PORT) - 1, \
                                  alloc)
   
  -static void ssl_io_filter_disable(ap_filter_t *f)
  +static void ssl_io_filter_disable(SSLConnRec *sslconn, ap_filter_t *f)
   {
       bio_filter_in_ctx_t *inctx = f->ctx;
  +    SSL_free(inctx->ssl);
  +    sslconn->ssl = NULL;
       inctx->ssl = NULL;
       inctx->filter_ctx->pssl = NULL;
   }
  @@ -845,7 +847,7 @@
               ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, f->c->base_server);
   
               sslconn->non_ssl_request = 1;
  -            ssl_io_filter_disable(f);
  +            ssl_io_filter_disable(sslconn, f);
   
               /* fake the request line */
               bucket = HTTP_ON_HTTPS_PORT_BUCKET(f->c->bucket_alloc);
  
  
  

Mime
View raw message