httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From yla...@apache.org
Subject svn commit: r1855646 - in /httpd/httpd/trunk: CHANGES modules/proxy/proxy_util.c modules/ssl/mod_ssl.c
Date Sat, 16 Mar 2019 13:45:17 GMT
Author: ylavic
Date: Sat Mar 16 13:45:17 2019
New Revision: 1855646

URL: http://svn.apache.org/viewvc?rev=1855646&view=rev
Log:
mod_proxy/ssl: cleanup per-request SSL configuration for recycled proxy conns.

The SSL dir config of proxy/backend connections is stored in r->per_dir_config
but those connections have a lifetime independent of the requests they handle.

So we need to allow the external ssl_engine_set() function to reset mod_ssl's
dir config in between proxy requests, or the first sslconn->dc could be used
after free for the next requests.

mod_proxy can then reset/reinit the request config when recycling its backend
connections.

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/proxy/proxy_util.c
    httpd/httpd/trunk/modules/ssl/mod_ssl.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1855646&r1=1855645&r2=1855646&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Sat Mar 16 13:45:17 2019
@@ -1,6 +1,10 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.1
 
+  *) mod_proxy/ssl: Cleanup per-request SSL configuration anytime a backend
+     connection is recycled/reused to avoid a possible crash with some SSLProxy
+     configurations in <Location> or <Proxy> context. PR 63256. [Yann Ylavic]
+
   *) mod_mime: Add `MimeOptions` directive to allow Content-Type or all metadata
      detection to use only the last (right-most) file extension. [Eric Covener]
 

Modified: httpd/httpd/trunk/modules/proxy/proxy_util.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/proxy_util.c?rev=1855646&r1=1855645&r2=1855646&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/proxy/proxy_util.c (original)
+++ httpd/httpd/trunk/modules/proxy/proxy_util.c Sat Mar 16 13:45:17 2019
@@ -1522,6 +1522,13 @@ static apr_status_t connection_cleanup(v
         socket_cleanup(conn);
         conn->close = 0;
     }
+    else if (conn->is_ssl) {
+        /* Unbind/reset the SSL connection dir config (sslconn->dc) from
+         * r->per_dir_config, r will likely get destroyed before this proxy
+         * conn is reused.
+         */
+        ap_proxy_ssl_engine(conn->connection, worker->section_config, 1);
+    }
 
     if (worker->s->hmax && worker->cp->res) {
         conn->inreslist = 1;
@@ -3238,6 +3245,12 @@ static int proxy_connection_create(const
     apr_bucket_alloc_t *bucket_alloc;
 
     if (conn->connection) {
+        if (conn->is_ssl) {
+            /* on reuse, reinit the SSL connection dir config with the current
+             * r->per_dir_config, the previous one was reset on release.
+             */
+            ap_proxy_ssl_engine(conn->connection, per_dir_config, 1);
+        }
         return OK;
     }
 

Modified: httpd/httpd/trunk/modules/ssl/mod_ssl.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/mod_ssl.c?rev=1855646&r1=1855645&r2=1855646&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/mod_ssl.c (original)
+++ httpd/httpd/trunk/modules/ssl/mod_ssl.c Sat Mar 16 13:45:17 2019
@@ -486,17 +486,31 @@ static int ssl_hook_pre_config(apr_pool_
 }
 
 static SSLConnRec *ssl_init_connection_ctx(conn_rec *c,
-                                           ap_conf_vector_t *per_dir_config)
+                                           ap_conf_vector_t *per_dir_config,
+                                           int new_proxy)
 {
     SSLConnRec *sslconn = myConnConfig(c);
-    SSLSrvConfigRec *sc;
 
-    if (sslconn) {
-        return sslconn;
-    }
+    if (!sslconn) {
+        sslconn = apr_pcalloc(c->pool, sizeof(*sslconn));
 
-    sslconn = apr_pcalloc(c->pool, sizeof(*sslconn));
+        sslconn->server = c->base_server;
+        sslconn->verify_depth = UNSET;
+        if (new_proxy) {
+            sslconn->is_proxy = 1;
+            sslconn->cipher_suite = sslconn->dc->proxy->auth.cipher_suite;
+        }
+        else {
+            SSLSrvConfigRec *sc = mySrvConfig(c->base_server);
+            sslconn->cipher_suite = sc->server->auth.cipher_suite;
+        }
 
+        myConnConfigSet(c, sslconn);
+    }
+
+    /* Reinit dc in any case because it may be r->per_dir_config scoped
+     * and thus a caller like mod_proxy needs to update it per request.
+     */
     if (per_dir_config) {
         sslconn->dc = ap_get_module_config(per_dir_config, &ssl_module);
     }
@@ -505,13 +519,6 @@ static SSLConnRec *ssl_init_connection_c
                                            &ssl_module);
     }
 
-    sslconn->server = c->base_server;
-    sslconn->verify_depth = UNSET;
-    sc = mySrvConfig(c->base_server);
-    sslconn->cipher_suite = sc->server->auth.cipher_suite;
-
-    myConnConfigSet(c, sslconn);
-
     return sslconn;
 }
 
@@ -551,8 +558,7 @@ static int ssl_engine_set(conn_rec *c,
     int status;
     
     if (proxy) {
-        sslconn = ssl_init_connection_ctx(c, per_dir_config);
-        sslconn->is_proxy = 1;
+        sslconn = ssl_init_connection_ctx(c, per_dir_config, 1);
     }
     else {
         sslconn = myConnConfig(c);
@@ -599,7 +605,7 @@ int ssl_init_ssl_connection(conn_rec *c,
     /*
      * Create or retrieve SSL context
      */
-    sslconn = ssl_init_connection_ctx(c, r ? r->per_dir_config : NULL);
+    sslconn = ssl_init_connection_ctx(c, r ? r->per_dir_config : NULL, 0);
     server = sslconn->server;
     sc = mySrvConfig(server);
 



Mime
View raw message