httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Orton <jor...@redhat.com>
Subject Re: [PATCH] SSL: stop trying to talk to client after a negotiation failure?
Date Thu, 17 Jul 2003 10:05:01 GMT
On Wed, Jul 16, 2003 at 11:21:38AM -0400, Jeff Trawick wrote:
> I turned on SSLVerifyClient and my client wasn't set up properly and I 
> started getting server segfaults because we try to read on the 
> connection after some SSL-related data has been cleaned up.
> 
> #2  0x8091753 in ssl_io_filter_input (f=0x825d760, bb=0x825f440, 
> mode=AP_MODE_GETLINE, block=APR_BLOCK_READ,
>     readbytes=0) at ssl_engine_io.c:1231
> 
> 1231        if ((status = ssl_io_filter_connect(inctx->filter_ctx)) != 
> APR_SUCCESS) {
> 
> (gdb) p inctx->filter_ctx
> $1 = (ssl_filter_ctx_t *) 0x0
> 
> I haven't tried very hard to see how inctx->filter_ctx can get cleared, 
> but first I wonder about the big picture: Is continued I/O reasonabe 
> after the negotiation failure?  It *seems* like the clients I'm playing 
> with (wget, Mozilla) have given up at that point anyway.
>
> If it isn't reasonable, then c->aborted should be set.

I agree it's not reasonable; the SSL alert has been sent so nothing more
should be done.  That patch was necessary but not sufficient to cure the
segfaults for me in this case - I also needed the below change.  Do you
want to check these in together?

* ssl_engine_io.c (ssl_filter_write, ssl_io_filter_output): Don't
dereference the BIOs in filter_ctx when filter_ctx->pssl is NULL.

Index: ssl_engine_io.c
===================================================================
RCS file: /store/cvs/root/httpd-2.0/modules/ssl/ssl_engine_io.c,v
retrieving revision 1.109
diff -u -p -r1.109 ssl_engine_io.c
--- ssl_engine_io.c	22 May 2003 19:41:32 -0000	1.109
+++ ssl_engine_io.c	17 Jul 2003 09:54:03 -0000
@@ -780,8 +780,7 @@ static apr_status_t ssl_filter_write(ap_
                                      apr_size_t len)
 {
     ssl_filter_ctx_t *filter_ctx = f->ctx;
-    bio_filter_out_ctx_t *outctx = 
-           (bio_filter_out_ctx_t *)(filter_ctx->pbioWrite->ptr);
+    bio_filter_out_ctx_t *outctx;
     int res;
 
     /* write SSL */
@@ -789,6 +788,7 @@ static apr_status_t ssl_filter_write(ap_
         return APR_EGENERAL;
     }
 
+    outctx = (bio_filter_out_ctx_t *)filter_ctx->pbioWrite->ptr;
     res = SSL_write(filter_ctx->pssl, (unsigned char *)data, len);
 
     if (res < 0) {
@@ -1362,8 +1362,7 @@ static apr_status_t ssl_io_filter_output
 {
     apr_status_t status = APR_SUCCESS;
     ssl_filter_ctx_t *filter_ctx = f->ctx;
-    bio_filter_in_ctx_t *inctx = (bio_filter_in_ctx_t *)
-                                 (filter_ctx->pbioRead->ptr);
+    bio_filter_in_ctx_t *inctx;
 
     if (f->c->aborted) {
         apr_brigade_cleanup(bb);
@@ -1375,6 +1374,7 @@ static apr_status_t ssl_io_filter_output
         return ap_pass_brigade(f->next, bb);
     }
 
+    inctx = (bio_filter_in_ctx_t *)filter_ctx->pbioRead->ptr;
     /* When we are the writer, we must initialize the inctx
      * mode so that we block for any required ssl input, because
      * output filtering is always nonblocking.

Mime
View raw message