On Mon, 2009-11-23 at 22:12 +0100, Rainer Jung wrote: > On 23.11.2009 18:57, John Lightsey wrote: > > On Sun, 2009-11-22 at 01:21 +0100, Rainer Jung wrote:
> Thanks again. I updated the patch: > > http://people.apache.org/~rjung/patches/cve-2009-3555_mod_ssl_2_8_21-1_3_41-v2.patch > > The only changes are in ssl_engine_io.c, where the declaration of "char > *reneg" is moved 4 times to the beginning of the function. Anything else > you observed? I received a report of segfaults caused by this patch. They happen when you have Apache proxy connections to a SSL destination. IE: RewriteRule ^/(.*) https://other_site.com/$1 [P] The segfault happens at: reneg = ap_ctx_get(c->client->ctx, "ssl::reneg"); in ssl_io_suck_read() because SSL_get_app_data(ssl) returns NULL. #0 0x0000000000454bb5 in ssl_io_suck_read (ssl=0x10a26070, buf=0x107ccd88 "UserDir", len=4096) at ssl_engine_io.c:275 actx = (ap_ctx *) 0x10a26070 ss = (struct ssl_io_suck_st *) 0x0 r = (request_rec *) 0x0 rv = 0 reneg = 0x0 c = (conn_rec *) 0x0 #1 0x0000000000454f31 in ssl_io_hook_read (fb=0x10a25c28, buf=0x107ccd88 "UserDir", len=4096) at ssl_engine_io.c:394 ssl = (SSL *) 0x10a26070 c = (conn_rec *) 0x0 s = (server_rec *) 0x0 rc = 0 reneg = 0x0 #2 0x000000000049a00f in ap_hook_call_func (ap=0x7fff98699110, he=0x104f33b0, hf=0x105059c0) at ap_hook.c:649 v1 = (void *) 0x10a25c28 v2 = (void *) 0x107ccd88 v3 = 4096 v_rc = (void *) 0x7fff9869922c v_tmp = {v_char = 0 '\0', v_int = 0, v_long = 0, v_float = 0, v_double = 0, v_ptr = 0x0} rc = 1 #3 0x00000000004982db in ap_hook_call (hook=0x4bbb5a "ap::buff::read") at ap_hook.c:382 i = 0 he = (ap_hook_entry *) 0x104f33b0 ap = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7fff98699200, reg_save_area = 0x7fff98699140}} rc = 0 #4 0x000000000046af22 in ap_read (fb=0x10a25c28, buf=0x107ccd88, nbyte=4096) at buff.c:255 rv = 0 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majord...@modssl.org