httpd-dev mailing list archives

From Geoff Thorpe
Subject Re: [PATCH] Fix SEGV in ssl_scache_shmcb.c
Date Mon, 10 May 2004 23:02:23 GMT
Hi all,

On May 10, 2004 05:04 pm, Mathihalli, Madhusudan wrote:
> mod_ssl dumps core when you specify a low cache size (Ex. 10000)
> OR in a manner similar to Bug 27751. In both the cases, the problem
> arises because of an incorrect/incomplete assumption about the size of
> the session data in the cache. The session when stored in the cache can
> be a maximum of SSL_SESSION_MAX_DER bytes - however, it's NOT safe to
> copy SSL_SESSION_MAX_DER bytes back from the cache when we're trying to
> retrieve the session id.
> The following patch fixes the assumption by including a new 'size'
> variable in the cache to store the correct size of the session data -
> so that it can be used for retrieval.
> Any comments ?

Just one :-) I hadn't been particularly clear about something so wires may 
have got crossed; there is a second patch lurking around and its purpose 
is overlapped with the one you posted. The patch you sent reduces the 
memcpy() overhead to the minimum required whereas previously it was 
pegged at the maximum possible. The cost for that is the addition of 
another member variable in the index structure. However the use of 
"maximal" memcpy over "minimum" memcpy was not the bug, just an 
inelegance of the code. The real bug was that no check was being made 
that the size of the desired memcpy was less than the size of the 
(sub-)cache, no matter whether it was maximal or minimal! :-) I think the 
bug would have been triggered by maximal and minimal scenarios, provided 
you used small enough cache sizes (less than 256kb) and waited long 

That second patch is attached to this mail - it is the necessary fix to 
the bug. The other patch is a slight improvement in efficiency (and code 
quality) and would also be useful if it's considered solid enough, but it 
should be independent of the fix.

Geoff Thorpe
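
An added illustration, not part of the original message or of the attached patch: a C sketch of a cyclic-buffer read that refuses a copy larger than the data area before calling memcpy(), which is the check the message identifies as missing. The structure and function names are hypothetical and are not those of ssl_scache_shmcb.c; the sample data is constructed.

```c
#include <string.h>

/* Hypothetical cyclic data area of one sub-cache; names are illustrative,
 * not taken from ssl_scache_shmcb.c. */
struct subcache {
    unsigned char *data;   /* start of the cyclic data area */
    unsigned int size;     /* bytes in the data area */
};

/* Copy len bytes starting at offset out of the cyclic area, wrapping at the
 * end. Returns 0 on success, -1 if the request cannot be satisfied safely. */
int subcache_read(const struct subcache *sc, unsigned int offset,
                  unsigned int len, unsigned char *dest, unsigned int dest_size)
{
    unsigned int first;
    /* The copy length must fit the (sub-)cache, whether it is a stored
     * per-entry length or a fixed maximum such as SSL_SESSION_MAX_DER. */
    if (sc->size == 0 || len > sc->size || offset >= sc->size)
        return -1;
    if (len > dest_size)
        return -1;

    first = sc->size - offset;                    /* bytes before the wrap */
    if (first > len)
        first = len;
    memcpy(dest, sc->data + offset, first);
    memcpy(dest + first, sc->data, len - first);  /* wrapped remainder */
    return 0;
}

/* Constructed demo: 16-byte area, 6-byte record stored at offset 12. */
int demo_wrapped_read(void)
{
    unsigned char area[16] = {0}, out[32];
    struct subcache sc = { area, sizeof(area) };
    memcpy(area + 12, "ABCD", 4);
    memcpy(area, "EF", 2);
    if (subcache_read(&sc, 12, 6, out, sizeof(out)) != 0)
        return -1;
    return memcmp(out, "ABCDEF", 6) == 0 ? 0 : 1;
}

/* Constructed demo: a fixed maximum (24) larger than the 16-byte area. */
int demo_oversized_read(void)
{
    unsigned char area[16] = {0}, out[32];
    struct subcache sc = { area, sizeof(area) };
    return subcache_read(&sc, 0, 24, out, sizeof(out));  /* rejected: -1 */
}
```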
