On Mon, Dec 27, 1999, [EMAIL PROTECTED] wrote:
> Full_Name: Ryu Inada
> Version: 2.4.9
> OS: Solaris 7/Windows NT 4.0 SP5
> Submission from: iijgw.fujixerox.co.jp (202.32.191.4)
>
> In pkg.sslmod/ssl_engine_kernel.c, line 188 and pkg.sslmod/ssl_engine_ext.c,
> line=315, SSL_set_session_id_context() is called but its return value is not checked.
>
> OpenSSL 0.9.4's SSL_set_session_id_context() restricts the
> session id context to 32 octets.
> And I think mod_ssl's session id context is currently generated from
> hostname + port number, like "foo.bar.foo2.bar2.com:443".
> If the hostname is longer than 28 octets, SSL_set_session_id_context()
> fails, and the session id context is not initialized.
> This makes Apache servers malfunction on SSL communication.
>
> It must be fixed with something like
> SSL_set_session_id_context(ssl, hash(cpVHostID), HASH_VALUE_LEN);
Oops, good catch. Yes, you're right, OpenSSL restricts the session context to
32 bytes. I've fixed this now as you suggested for mod_ssl 2.4.10 with the
appended patch. Please try it out and give feedback whether it now works as
expected or not.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Index: mod_ssl.h
===================================================================
RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/mod_ssl.h,v
retrieving revision 1.119
diff -u -r1.119 mod_ssl.h
--- mod_ssl.h 1999/11/24 11:28:10 1.119
+++ mod_ssl.h 1999/12/27 07:10:29
@@ -110,6 +110,7 @@
#include "http_core.h"
#include "http_log.h"
#include "scoreboard.h"
+#include "util_md5.h"
#include "fnmatch.h"
#undef CORE_PRIVATE
Index: ssl_engine_ext.c
===================================================================
RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/ssl_engine_ext.c,v
retrieving revision 1.29
diff -u -r1.29 ssl_engine_ext.c
--- ssl_engine_ext.c 1999/09/06 13:13:24 1.29
+++ ssl_engine_ext.c 1999/12/27 07:13:17
@@ -296,6 +296,7 @@
char *errmsg;
int rc;
char *cpVHostID;
+ char *cpVHostMD5;
if (ap_ctx_get(r->ctx, "ssl::proxy::enabled") == PFALSE)
return NULL;
@@ -312,7 +313,8 @@
return errmsg;
}
SSL_clear(ssl);
- SSL_set_session_id_context(ssl, (unsigned char *)cpVHostID, strlen(cpVHostID));
+ cpVHostMD5 = ap_md5(r->pool, cpVHostID);
+ SSL_set_session_id_context(ssl, (unsigned char *)cpVHostMD5, strlen(cpVHostMD5));
SSL_set_fd(ssl, fb->fd);
ap_ctx_set(fb->ctx, "ssl", ssl);
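Review bot: the return value of SSL_set_session_id_context() is still ignored on the new `+` line, which is the defect the report raised; ap_md5() yields a 32-character hex string, so strlen(cpVHostMD5) lands exactly on OpenSSL's 32-byte limit, and any later change to the digest or its encoding would silently fail again. Suggest checking the result and taking the existing error path, e.g. `if (!SSL_set_session_id_context(ssl, (unsigned char *)cpVHostMD5, strlen(cpVHostMD5))) return errmsg;` after setting errmsg accordingly.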
Index: ssl_engine_kernel.c
===================================================================
RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/ssl_engine_kernel.c,v
retrieving revision 1.114
diff -u -r1.114 ssl_engine_kernel.c
--- ssl_engine_kernel.c 1999/11/24 11:28:10 1.114
+++ ssl_engine_kernel.c 1999/12/27 07:14:04
@@ -134,6 +134,7 @@
SSL *ssl;
char *cp;
char *cpVHostID;
+ char *cpVHostMD5;
X509 *xs;
int rc;
int n;
@@ -186,7 +187,8 @@
return;
}
SSL_clear(ssl);
- SSL_set_session_id_context(ssl, (unsigned char *)cpVHostID, strlen(cpVHostID));
+ cpVHostMD5 = ap_md5(conn->pool, cpVHostID);
+ SSL_set_session_id_context(ssl, (unsigned char *)cpVHostMD5, strlen(cpVHostMD5));
SSL_set_app_data(ssl, conn);
apctx = ap_ctx_new(conn->pool);
ap_ctx_set(apctx, "ssl::request_rec", NULL);
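Review bot: the same two lines (ap_md5() then an unchecked SSL_set_session_id_context()) now appear here and in ssl_engine_ext.c; consider factoring the derivation into one helper so both call sites cannot drift apart, and check the return value here too, logging and returning as the early-return path at the top of this hunk already does, since this function is void and a silent failure leaves the session id context uninitialized.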
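The failure mode in the report and the fix in the patch, as an added example (not mod_ssl's or OpenSSL's code): a stand-in for SSL_set_session_id_context() that enforces the 32-byte limit, the raw "host:port" context that overflows it for long hostnames, the hex-MD5 derivation the patch uses (always 32 characters, exactly at the limit), a binary SHA-256 alternative, and a wrapper that refuses to continue when the call fails instead of ignoring its return value. The `Ssl` class and the function names are assumptions made for the illustration.

```python
import hashlib

# OpenSSL's limit on the session ID context length (SSL_MAX_SID_CTX_LENGTH).
SSL_MAX_SID_CTX_LENGTH = 32


class Ssl:
    """Minimal stand-in (assumption) for an SSL object: only records the context."""

    def __init__(self):
        self.sid_ctx = None


def ssl_set_session_id_context(ssl, ctx):
    """Models OpenSSL's SSL_set_session_id_context(): returns 0 and leaves the
    context untouched when ctx exceeds 32 bytes, returns 1 on success."""
    if len(ctx) > SSL_MAX_SID_CTX_LENGTH:
        return 0
    ssl.sid_ctx = bytes(ctx)
    return 1


def vhost_id(hostname, port):
    """The 'host:port' identifier mod_ssl derives the context from (per the report)."""
    return "%s:%d" % (hostname, port)


def session_id_context_raw(hostname, port):
    """Pre-patch behaviour: the vhost ID itself, whose length grows with the hostname."""
    return vhost_id(hostname, port).encode("ascii")


def session_id_context_hex_md5(hostname, port):
    """Patch behaviour: hex MD5 of the vhost ID, always exactly 32 characters."""
    return hashlib.md5(vhost_id(hostname, port).encode("ascii")).hexdigest().encode("ascii")


def session_id_context_sha256(hostname, port):
    """Alternative: binary SHA-256 digest, 32 bytes (its hex form, 64 bytes, would be rejected)."""
    return hashlib.sha256(vhost_id(hostname, port).encode("ascii")).digest()


def configure_session_id_context(ssl, ctx):
    """Applies ctx and raises on failure rather than continuing with an
    uninitialized context, which is the unchecked-return-value bug from the report."""
    if not ssl_set_session_id_context(ssl, ctx):
        raise ValueError("session id context too long: %d > %d bytes"
                         % (len(ctx), SSL_MAX_SID_CTX_LENGTH))
    return ssl.sid_ctx


if __name__ == "__main__":
    # Constructed sample hostnames: one short, one long enough to break the raw scheme.
    for host in ("foo.bar.foo2.bar2.com", "www.very-long-hostname.example.com"):
        for label, derive in (("raw", session_id_context_raw),
                              ("hex-md5", session_id_context_hex_md5),
                              ("sha256", session_id_context_sha256)):
            try:
                configure_session_id_context(Ssl(), derive(host, 443))
                print("%-36s %-8s ok" % (host, label))
            except ValueError as e:
                print("%-36s %-8s FAILED: %s" % (host, label, e))
```

Running the script shows the raw scheme succeeding for the 21-character hostname and failing once the "host:port" string passes 32 bytes, while both hashed derivations fit for any hostname. Two different vhosts still get distinct contexts, which is what keeps a session cached under one vhost from being resumed under another.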
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]