Re: [BugDB] bug in ssl_engine_ext.c (PR#127)

Sat, 20 Mar 1999 03:13:54 -0500 

On Fri, Mar 19, 1999, [EMAIL PROTECTED] wrote:

> Full_Name: Thomas Devanneaux
> Version: 2.2.5
> OS: linux
> Submission from: ppp148-paris.isdnet.net (194.149.182.148)
> 
> I have noticed a very minor bug which causes a httpd child to 
> sigfault if we use  mod_proxy over SSL and if the connection 
> to the SSL server fails.
> The reason is that the ssl structure is released twice.
> 
> Here is the diff:
> 
> --- ssl_engine_ext.c  Thu Mar  4 10:00:29 1999
> +++ ssl_engine_ext.c.new  Fri Mar 19 15:08:41 1999
> @@ -309,7 +309,6 @@
>      if ((rc = SSL_connect(ssl)) <= 0) {
>          errmsg = ap_pstrcat(r->pool, "SSL connect failed: ",
>                              ERR_reason_error_string(ERR_get_error()), NULL);
> -        SSL_free(ssl);
>          return errmsg;
>      }

You mean it's still free'd in the ssl_ext_mp_close_connection() function
triggered by the Apache pool system, right? Yes, that's a bug. But that
cleanup code in the if-clause is intended just for the error case and should
make sure the stuff is _immediately_ destroyed.  What is missing is the emove
of the SSL* pointer from the context structure. So, I now felt free to change
your suggested patch to:

:> cvs diff ssl_engine_ext.c 
Index: ssl_engine_ext.c
===================================================================
RCS file:
/e/apache/SSL/REPOS/mod_ssl/pkg.apache/src/modules/ssl/ssl_engine_ext.c,v
retrieving revision 1.16
diff -u -r1.16 ssl_engine_ext.c
--- ssl_engine_ext.c    1999/03/04 09:00:29     1.16
+++ ssl_engine_ext.c    1999/03/20 08:01:34
@@ -310,6 +310,7 @@
         errmsg = ap_pstrcat(r->pool, "SSL connect failed: ",
                             ERR_reason_error_string(ERR_get_error()), NULL);
         SSL_free(ssl);
+        ap_ctx_set(fb->ctx, "ssl", NULL);
         return errmsg;
     }
 

This should also solve the multiple-free problem, but immediately destroys the
stuff to make sure it's not used somewhere. Thanks for the essential hint.

                                       Ralf S. Engelschall
                                       [EMAIL PROTECTED]
                                       www.engelschall.com

______________________________________________________________________
Apache Interface to SSLeay (mod_ssl)   www.engelschall.com/sw/mod_ssl/
Official Support Mailing List               [EMAIL PROTECTED]
Automated List Manager                       [EMAIL PROTECTED]

Reply via email to