Full_Name: Kevin P. Neal
Version: 2.0.4
OS: HP-UX 10.20
Submission from: markham.southpeak.com (192.58.185.8)
This bug appears (via source code examination) to still be in the
latest mod_ssl.
1) Browser submits request
2) Server handles request, sends response back
3) Server calls bflush_core().
4) bflush_core() eventually makes it down to ap_write(), which
calls SSL_write().
We are now inside SSL_write().
5) Browser improperly closes the connection.
6) Server catches a SIGPIPE (I believe).
7) Server logs message:
%s client stopped connection before send body completed
8) SSL_free() is called by timeout(). SSL connection is closed and
resources freed, making sure to NULL out the s3 pointer in the ssl
structure.
9) timeout() finishes, returns. Server resumes execution where it
was before: inside SSLeay.
10) Eventually ssl3_write_bytes() is called. It tries to call the
function to send the data, but the pointer has been NULL'd out.
Apache dies with a Bus Error.
My user is using MSIE 4.01, 128-bit encryption.
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
