httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Stoddard" <b...@wstoddard.com>
Subject client_socket bogosity...
Date Fri, 25 Jan 2002 15:21:16 GMT
One Nov. 12, Ryan committed a patch creating the create_conn hook. The idea was to move
the client_socket out of the conn_rec presumably to make available only to the core_in and
core_out filters.  However, I just found a backdoor...

In core_create_conn() the socket is saved away thusly:
ap_set_module_config(net->c->conn_config, &core_module, csd);

And whoever needs to access the socket does this:
apr_socket_t *csd = ap_get_module_config(f->c->conn_config, &core_module);

So the goal of hiding the socket is completely blown.  The Nov. 11 change added a lot of
complexity to the server (hard to read/understand code) in pursuit of a goal that is then
immediately circumvented by the ap_get|set_module_config. So we made the server more
complex for no reason.

I am on the verge of vetoing the Nov. 12 patch in favor of moving the client_socket back
into the con_rec.

Comments?

Bill


Mime
View raw message