Chad Fox wrote:
> In the event that SSL_accept fails, openssl_get_error is called with
> newSock passed as the apr_ssl_socket_t argument. openssl_get_error
> expects to be able to access the element sslData->ssl of that structure,
> which hasn't been initialized. This can result in a seg fault if the
> accept fails. Moving the population of the structure before the
> SSL_accept.
Good catch :-)
>
> -START PATCH-------------------------------------------------------
>
> Index: ssl/apr_ssl_openssl.c
> ===================================================================
> --- ssl/apr_ssl_openssl.c (revision 507043)
> +++ ssl/apr_ssl_openssl.c (working copy)
> @@ -200,14 +200,15 @@
> return -1;
> SSL_set_fd(sslData->ssl, fd);
>
> + newSock->pool = pool;
> + newSock->sslData = sslData;
> + newSock->factory = oldSock->factory;
> +
> if ((sslOp = SSL_accept(sslData->ssl)) != 1) {
> openssl_get_error(newSock, sslOp);
> return -1;
> }
>
> - newSock->pool = pool;
> - newSock->sslData = sslData;
> - newSock->factory = oldSock->factory;
> return APR_SUCCESS;
> }
>
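Review bot: On the failure branch of `if ((sslOp = SSL_accept(sslData->ssl)) != 1)`, the function now returns -1 with newSock->pool, newSock->sslData and newSock->factory already assigned, so the caller is left holding a socket that points at an SSL object whose handshake failed. Nothing in the visible lines releases sslData->ssl or clears those fields before `return -1;`. Consider setting newSock->sslData back to NULL once openssl_get_error(newSock, sslOp) has recorded the error (and freeing the SSL object there if no pool cleanup covers it), or assigning only newSock->sslData ahead of the accept, since that is the only field the description says openssl_get_error reads. A one-line comment above the moved assignments stating that the error handler dereferences newSock->sslData->ssl would keep a later tidy-up from moving them back below the accept.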
> -END PATCH---------------------------------------------------------
>
> Chad Fox
> [EMAIL PROTECTED]
>
>
>
--
david
http://feathercast.org/