In the event that SSL_accept fails, openssl_get_error is called with
newSock passed as the apr_ssl_socket_t argument. openssl_get_error
expects to be able to access the element sslData->ssl of that structure,
which hasn't been initialized. This can result in a seg fault if the
accept fails. This patch moves the population of the structure before the
SSL_accept call.
-START PATCH-------------------------------------------------------
Index: ssl/apr_ssl_openssl.c
===================================================================
--- ssl/apr_ssl_openssl.c (revision 507043)
+++ ssl/apr_ssl_openssl.c (working copy)
@@ -200,14 +200,15 @@
return -1;
SSL_set_fd(sslData->ssl, fd);
+ newSock->pool = pool;
+ newSock->sslData = sslData;
+ newSock->factory = oldSock->factory;
+
if ((sslOp = SSL_accept(sslData->ssl)) != 1) {
openssl_get_error(newSock, sslOp);
return -1;
}
- newSock->pool = pool;
- newSock->sslData = sslData;
- newSock->factory = oldSock->factory;
return APR_SUCCESS;
}
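Review bot: On the `SSL_accept` failure branch the function now returns -1 with `newSock->sslData` still pointing at an SSL object whose handshake never completed, and nothing visible in the hunk releases `sslData->ssl` or clears the pointer. If no pool cleanup registered outside the hunk owns that object, the branch should free it and set `newSock->sslData = NULL;` after `openssl_get_error(newSock, sslOp);`, so a caller that ignores the return value cannot use a half-set-up socket. The moved assignments also deserve a comment so they are not moved back later, for example `/* openssl_get_error() reads newSock->sslData->ssl; populate newSock before SSL_accept */`. The function starts outside the hunk, so it cannot be confirmed from here whether the earlier `return -1;` path also reaches openssl_get_error with an unpopulated newSock.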
-END PATCH---------------------------------------------------------
Chad Fox
[EMAIL PROTECTED]