[Bug 57070] New: on non-HTTPS connection crashes in ssl_var_lookup_ssl

Wed, 08 Oct 2014 19:53:56 -0700 

https://issues.apache.org/bugzilla/show_bug.cgi?id=57070

            Bug ID: 57070
           Summary: <If "%{SSL_CLIENT_S_DN_Email} != ''"> on non-HTTPS
                    connection crashes in ssl_var_lookup_ssl
           Product: Apache httpd-2
           Version: 2.4.10
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ssl
          Assignee: [email protected]
          Reporter: [email protected]

This .htaccess file causes a NULL dereference in ssl_var_lookup_ssl, when
visited over a non-HTTPS connection:

<If "%{SSL_CLIENT_S_DN_Email} != ''">
</If>

Backtrace:

Program terminated with signal SIGSEGV, Segmentation fault.
#0  ssl_var_lookup_ssl (p=0x7f4f140028f8, r=0x7f4f14002970, var=0x7f4f1400e0b4
"CLIENT_S_DN_Email", c=<optimized out>) at ssl_engine_vars.c:344
344        ssl = sslconn->ssl;
Missing separate debuginfos, use: debuginfo-install
nss-pam-ldapd-0.8.13-4.fc20.x86_64 nss_nonlocal-2.1-1.x86_64
(gdb) bt
#0  ssl_var_lookup_ssl (p=0x7f4f140028f8, r=0x7f4f14002970, var=0x7f4f1400e0b4
"CLIENT_S_DN_Email", c=<optimized out>) at ssl_engine_vars.c:344
#1  0x00007f4f537d6ce7 in ap_expr_eval_word ()
#2  0x00007f4f537d71f6 in ap_expr_eval_comp ()
#3  0x00007f4f537d74a0 in ap_expr_eval ()
#4  0x00007f4f537d7e98 in ap_expr_exec_ctx ()
#5  0x00007f4f537d81d8 in ap_expr_exec_re ()
#6  0x00007f4f537d25be in ap_if_walk ()
#7  0x00007f4f537d28e2 in ap_process_request_internal ()
#8  0x00007f4f537ee9e8 in ap_process_async_request ()
#9  0x00007f4f537eecd4 in ap_process_request ()
#10 0x00007f4f537eb692 in ap_process_http_connection ()
#11 0x00007f4f537e34d0 in ap_run_process_connection ()
#12 0x00007f4f513e353b in process_socket (bucket_alloc=0x7f4f140008e8,
my_thread_num=25, my_child_num=2, sock=0x7f4f40014290, p=0x7f4f40014208, 
    thd=0x7f4f554fc120) at worker.c:619
#13 worker_thread (thd=0x7f4f554fc120, dummy=<optimized out>) at worker.c:978
#14 0x00007f4f5225aee5 in start_thread (arg=0x7f4f367ec700) at
pthread_create.c:309
#15 0x00007f4f51d85b8d in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:111
(gdb) info locals
sslconn = 0x0
result = 0x0
xs = <optimized out>
sk = <optimized out>
ssl = <optimized out>

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to