httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)" <madhusudan_mathiha...@hp.com>
Subject RE: Apache 1.3.26 + mod_ssl 2.8.10 dumps core
Date Fri, 09 Aug 2002 00:16:49 GMT
Sorry for this blast-o-gram. I realized that the patch that I'd posted was
totally a wrong one - and did not achieve what it was meant for :-(.
For those interested, here's something which is pretty close to what I'd
intented).

Thanks
-Madhu

diff -ru mod_ssl-2.8.10-1.3.26/pkg.sslmod/ssl_engine_io.c
apache_1.3.26/src/modules/ssl/ssl_engine_io.c
--- mod_ssl-2.8.10-1.3.26/pkg.sslmod/ssl_engine_io.c    Fri Aug  2 13:44:24
2002
+++ apache_1.3.26/src/modules/ssl/ssl_engine_io.c       Thu Aug  8 16:38:09
2002
@@ -346,6 +346,14 @@

     if ((ssl = ap_ctx_get(fb->ctx, "ssl")) != NULL) {
         rc = SSL_read(ssl, buf, len);
+
+        c = (conn_rec *)SSL_get_app_data(ssl);
+        if (c->aborted) {
+            ssl->rwstate = SSL_NOTHING;
+            ssl_hook_CloseConnection(c);
+            return -1;
+        }
+
         /*
          * Simulate an EINTR in case OpenSSL wants to read more.
          * (This is usually the case when the client forces an SSL
@@ -380,6 +388,14 @@

     if ((ssl = ap_ctx_get(fb->ctx, "ssl")) != NULL) {
         rc = SSL_write(ssl, buf, len);
+
+        c = (conn_rec *)SSL_get_app_data(ssl);
+        if (c->aborted) {
+            ssl->rwstate = SSL_NOTHING;
+            ssl_hook_CloseConnection(c);
+            return -1;
+        }
+
         /*
          * Simulate an EINTR in case OpenSSL wants to write more.
          */
diff -ru mod_ssl-2.8.10-1.3.26/pkg.sslmod/ssl_engine_kernel.c
apache_1.3.26/src/
modules/ssl/ssl_engine_kernel.c
--- mod_ssl-2.8.10-1.3.26/pkg.sslmod/ssl_engine_kernel.c        Fri Aug  2
13:44
:24 2002
+++ apache_1.3.26/src/modules/ssl/ssl_engine_kernel.c   Thu Aug  8 16:19:31
2002
@@ -457,6 +457,9 @@
     if (ssl == NULL)
         return;

+    if (SSL_want_read(ssl) || SSL_want_write(ssl))
+        return;
+
     /*
      * First make sure that no more data is pending in Apache's BUFF,
      * because when it's (implicitly) flushed later by the ap_bclose()


----------------------------------------------------------------------------
---


-----Original Message-----
From: MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)
[mailto:madhusudan_mathihalli@hp.com]
Sent: Sunday, August 04, 2002 10:08 AM
To: 'dev@httpd.apache.org'
Cc: 'modssl-users@modssl.org'
Subject: [PATCH - Apache 1.3] Apache 1.3.26 + mod_ssl 2.8.10 dumps core


Hi,
	I'm not sure whom to approach for this problem - so I'm sending it
to both the mailing lists. Here's a pretty easy way to reproduce the SEGV
that I'm experiencing (on HP-UX 11.0 / 11i)

1. Download OpenSSL 0.9.6e, Apache 1.3.26 and mod_ssl 2.8.10
2. Build and install Apache (ofcourse with mod_ssl capability)
3. Set the Timeout to 20 secs (pl. note it's the hard timeout and not the
keepalive / SSLSessionCacheTimeout)
4. Create a simple HTML file (/opt/apache/htdocs/a.html) as follows :
   -----------------------------------------------
   <html>
   <head><title>side_menu.htm</title></head>
   <body>
    <p></p>
    <p><a href="./10mb.pdf">pdf-test</font></a></p>
   </body>
   </html>
   ------------------------------------------------
5. And ofcourse, create /opt/apache/htdocs/10mb.pdf file.
6. Start Apache with SSL capability, and access the URL
https://servername/a.html (Client browser was Win2K box/IE 5.5).
7. Right click on "pdf-test", and select the "Save as" tab. This should
bring up the "Save As" dialog box.
8. Don't do any thing - and you'll see a SEGV in /opt/apache/logs/error_log
after about 20 secs.

Now, is this the expected behavior? I don't believe so. A closer
investigation seemed that mod_SSL had nothing to do with the core dump. It's
the way a aborted connection was handled.

The following patch seemed to resolve the core dump issue for me - but I
don't believe it's the correct fix. Can somebody please evaluate the patch
and let me know if it's okay? Also, I've not evaluated the side-effects of
doing such a thing.
[I don't know what's the difference b/w hard timeout and soft timeout - in
the sense where/how should it be used. It'd be great if somebody could
explain the difference]

Thanks
-Madhu

$ cvs diff http_protocol.c
Index: http_protocol.c
===================================================================
RCS file: /home/cvspublic/apache-1.3/src/main/http_protocol.c,v
retrieving revision 1.325
diff -u -r1.325 http_protocol.c
--- http_protocol.c     9 Jul 2002 15:26:26 -0000       1.325
+++ http_protocol.c     4 Aug 2002 16:54:45 -0000
@@ -2362,7 +2362,7 @@
     if (length == 0)
         return 0;

-    ap_soft_timeout("send body", r);
+    ap_hard_timeout("send body", r);

     while (!r->connection->aborted) {
         if ((length > 0) && (total_bytes_sent + IOBUFSIZE) > length)

Mime
View raw message