Return-Path: 
 <dev-return-31987-apmail-httpd-dev-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-dev-archive@httpd.apache.org
Received: (qmail 31459 invoked by uid 500); 4 Aug 2002 17:08:15 -0000
Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
list-help: <mailto:dev-help@httpd.apache.org>
list-unsubscribe: <mailto:dev-unsubscribe@httpd.apache.org>
list-post: <mailto:dev@httpd.apache.org>
Delivered-To: mailing list dev@httpd.apache.org
Received: (qmail 31444 invoked from network); 4 Aug 2002 17:08:14 -0000
Message-ID: <A5374D237E78D41195810090279CC91A08EC753B@xcup04.cup.hp.com>
From: "MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)"
 <madhusudan_mathihalli@hp.com>
To: "'dev@httpd.apache.org'" <dev@httpd.apache.org>
Cc: "'modssl-users@modssl.org'" <modssl-users@modssl.org>
Subject: [PATCH - Apache 1.3] Apache 1.3.26 + mod_ssl 2.8.10 dumps core
Date: Sun, 4 Aug 2002 10:08:13 -0700 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2655.55)
Content-Type: text/plain
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N

Hi,
	I'm not sure whom to approach for this problem - so I'm sending it
to both the mailing lists. Here's a pretty easy way to reproduce the SEGV
that I'm experiencing (on HP-UX 11.0 / 11i)

1. Download OpenSSL 0.9.6e, Apache 1.3.26 and mod_ssl 2.8.10
2. Build and install Apache (ofcourse with mod_ssl capability)
3. Set the Timeout to 20 secs (pl. note it's the hard timeout and not the
keepalive / SSLSessionCacheTimeout)
4. Create a simple HTML file (/opt/apache/htdocs/a.html) as follows :
   -----------------------------------------------
   <html>
   <head><title>side_menu.htm</title></head>
   <body>
    <p></p>
    <p><a href="./10mb.pdf">pdf-test</font></a></p>
   </body>
   </html>
   ------------------------------------------------
5. And ofcourse, create /opt/apache/htdocs/10mb.pdf file.
6. Start Apache with SSL capability, and access the URL
https://servername/a.html (Client browser was Win2K box/IE 5.5).
7. Right click on "pdf-test", and select the "Save as" tab. This should
bring up the "Save As" dialog box.
8. Don't do any thing - and you'll see a SEGV in /opt/apache/logs/error_log
after about 20 secs.

Now, is this the expected behavior? I don't believe so. A closer
investigation seemed that mod_SSL had nothing to do with the core dump. It's
the way a aborted connection was handled.

The following patch seemed to resolve the core dump issue for me - but I
don't believe it's the correct fix. Can somebody please evaluate the patch
and let me know if it's okay? Also, I've not evaluated the side-effects of
doing such a thing.
[I don't know what's the difference b/w hard timeout and soft timeout - in
the sense where/how should it be used. It'd be great if somebody could
explain the difference]

Thanks
-Madhu

$ cvs diff http_protocol.c
Index: http_protocol.c
===================================================================
RCS file: /home/cvspublic/apache-1.3/src/main/http_protocol.c,v
retrieving revision 1.325
diff -u -r1.325 http_protocol.c
--- http_protocol.c     9 Jul 2002 15:26:26 -0000       1.325
+++ http_protocol.c     4 Aug 2002 16:54:45 -0000
@@ -2362,7 +2362,7 @@
     if (length == 0)
         return 0;

-    ap_soft_timeout("send body", r);
+    ap_hard_timeout("send body", r);

     while (!r->connection->aborted) {
         if ((length > 0) && (total_bytes_sent + IOBUFSIZE) > length)