On 03/18/2019 08:47 AM, Ruediger Pluem wrote:
> 
> 
> On 03/16/2019 02:45 PM, [email protected] wrote:
>> Author: ylavic
>> Date: Sat Mar 16 13:45:17 2019
>> New Revision: 1855646
>>
>> URL: http://svn.apache.org/viewvc?rev=1855646&view=rev
>> Log:
>> mod_proxy/ssl: cleanup per-request SSL configuration for recycled proxy 
>> conns.
>>
>> The SSL dir config of proxy/backend connections is stored in 
>> r->per_dir_config
>> but those connections have a lifetime independent of the requests they 
>> handle.
>>
>> So we need to allow the external ssl_engine_set() function to reset mod_ssl's
>> dir config in between proxy requests, or the first sslconn->dc could be used
>> after free for the next requests.
>>
>> mod_proxy can then reset/reinit the request config when recycling its backend
>> connections.
>>
>> Modified:
>>     httpd/httpd/trunk/CHANGES
>>     httpd/httpd/trunk/modules/proxy/proxy_util.c
>>     httpd/httpd/trunk/modules/ssl/mod_ssl.c
>>
> 
>>
>> Modified: httpd/httpd/trunk/modules/ssl/mod_ssl.c
>> URL: 
>> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/mod_ssl.c?rev=1855646&r1=1855645&r2=1855646&view=diff
>> ==============================================================================
>> --- httpd/httpd/trunk/modules/ssl/mod_ssl.c (original)
>> +++ httpd/httpd/trunk/modules/ssl/mod_ssl.c Sat Mar 16 13:45:17 2019
>> @@ -486,17 +486,31 @@ static int ssl_hook_pre_config(apr_pool_
>>  }
>>  
>>  static SSLConnRec *ssl_init_connection_ctx(conn_rec *c,
>> -                                           ap_conf_vector_t *per_dir_config)
>> +                                           ap_conf_vector_t *per_dir_config,
>> +                                           int new_proxy)
>>  {
>>      SSLConnRec *sslconn = myConnConfig(c);
>> -    SSLSrvConfigRec *sc;
>>  
>> -    if (sslconn) {
>> -        return sslconn;
>> -    }
>> +    if (!sslconn) {
>> +        sslconn = apr_pcalloc(c->pool, sizeof(*sslconn));
>>  
>> -    sslconn = apr_pcalloc(c->pool, sizeof(*sslconn));
>> +        sslconn->server = c->base_server;
>> +        sslconn->verify_depth = UNSET;
>> +        if (new_proxy) {
>> +            sslconn->is_proxy = 1;
>> +            sslconn->cipher_suite = sslconn->dc->proxy->auth.cipher_suite;
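Review bot: In the new "if (new_proxy)" branch, the line "sslconn->cipher_suite = sslconn->dc->proxy->auth.cipher_suite;" reads sslconn->dc on a structure that apr_pcalloc() has only just returned, so dc is still NULL and a new proxy connection dereferences a null pointer here. Assign sslconn->dc from the per_dir_config argument before this read, or move the cipher_suite assignment to after the point where dc is set.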
> 
> Hm. sslconn->dc is not set at this point of time. This happens only later 
> down below, after the new Reinit comment.

Hopefully solved in r1855748. Please have a look.

Regards

Rüdiger
