Finally managed to write a patch. This patch applies ok on mod-gnutls 0.9.0 and not sure if it will work for buster.
-- Atte. Félix Arreola Firmado con GPG 0x1e249ee4
Author: Félix Arreola RodrÃguez <fgatuno....@gmail.com> Date: Thu, 5 Jun 2022 10:42:46 -0500 Subject: Fix a loop caused by timeout if mod_reqtimeout is enabled Bug-Debian: https://bugs.debian.org/942737 When mod_reqtimeout is enabled, when mod_gnutls tries to read from the previous apr_bucket, it returns a timeout. Mod_gnutls handles incorrectly this timeout as a EAGAIN, causing to forever loop and consumes 100% CPU on the current apache process. --- diff --git a/src/gnutls_io.c b/src/gnutls_io.c =================================================================== --- a/src/gnutls_io.c +++ b/src/gnutls_io.c @@ -269,6 +269,17 @@ static apr_status_t gnutls_io_input_read ap_log_cerror(APLOG_MARK, APLOG_TRACE2, ctxt->input_rc, ctxt->c, "%s: looping recv after '%s' (%d)", __func__, gnutls_strerror(rc), rc); + if (APR_STATUS_IS_TIMEUP (ctxt->input_rc)) { + /* Timeout by mod_reqtimeout, bye bye */ + ap_log_cerror(APLOG_MARK, + APLOG_INFO, + ctxt->input_rc, + ctxt->c, + "GnuTLS: Timeout reading data. (%d) '%s'", + rc, + gnutls_strerror(rc)); + break; + } /* For a blocking read, loop and try again * immediately. Otherwise just notify the caller. */ if (ctxt->input_block != APR_NONBLOCK_READ)
pgp29x61ProPo.pgp
Description: Firma digital OpenPGP