Full_Name: Josef Goebel
Version: 2.8.4
OS: Win2k
Submission from: (NULL) (62.138.8.66)


We are running an application causing lots of traffic on the server
including file upload. On the server side we've written two Apache modules
handling incoming requests.

The problem is that the Apache (1.3.20) process terminates after a while with the
following logfile entry if more than one client is sending HTTPS requests to the
server:
...
[Wed May 23 18:22:44 2001] [info] master_main: Child processed exited (due to MaxRequestsPerChild?). Restarting the child process.
...

When debugging Apache an access violation occurs in the following
lines in ap_ctx.c of the Apache code:
API_EXPORT(void *) ap_ctx_get(ap_ctx *ctx, char *key)
{
    int i;

--> access violation because ctx==NULL!
    for (i = 0; ctx->cr_entry[i] != NULL; i++)
        if (strcmp(ctx->cr_entry[i]->ce_key, key) == 0)
            return ctx->cr_entry[i]->ce_val;
    return NULL;
}

The function is called from the following function in ssl_engine_io.c:
static int ssl_io_suck_read(SSL *ssl, char *buf, int len)
{
    ap_ctx *actx;
    struct ssl_io_suck_st *ss;
    request_rec *r = NULL;
    int rv;

    actx = (ap_ctx *)SSL_get_app_data2(ssl);
    if (actx != NULL)
        r = (request_rec *)ap_ctx_get(actx, "ssl::request_rec");

    rv = -1;
    if (r != NULL) {
-->      ss = ap_ctx_get(r->ctx, "ssl::io::suck");
...
}

One strange thing is that all elements of request_rec r are set to 0.

call stack:
ap_ctx_get(ap_ctx_rec * 0x00000000, char * 0x100251f4) line 130
ssl_io_suck_read(ssl_st * 0x008afc38, char * 0x008271e8, int 0x00001000) line 265 + 21 bytes
SSL_recvwithtimeout(buff_struct * 0x008271a0, char * 0x008271e8, int 0x00001000) line 567 + 20 bytes
ssl_io_hook_recvwithtimeout(buff_struct * 0x008271a0, char * 0x008271e8, int 0x00001000) line 460 + 17 bytes
ap_hook_call_func(char * 0x0117de54, ap_hook_entry * 0x0079ed68, ap_hook_func * 0x007b5188) line 649 + 26 bytes
ap_hook_call(char * 0x6ffaf22c) line 382 + 26 bytes
buff_read(buff_struct * 0x008271a0, void * 0x008271e8, int 0x00001000) line 299 + 26 bytes
saferead_guts(buff_struct * 0x008271a0, void * 0x008271e8, int 0x00001000) line 702 + 17 bytes
read_with_errors(buff_struct * 0x008271a0, void * 0x008271e8, int 0x00001000) line 753 + 17 bytes
ap_bgets(char * 0x0117def8, int 0x00002000, buff_struct * 0x008271a0) line 906 + 23 bytes
getline(char * 0x0117def8, int 0x00002000, buff_struct * 0x008271a0, int 0x00000000) line 839 + 17 bytes
read_request_line(request_rec * 0x0d9b3a48) line 962 + 29 bytes
ap_read_request(conn_rec * 0x0d9b0020) line 1125 + 9 bytes
child_sub_main(int 0x00000000) line 5562 + 27 bytes
child_main(int 0x00000000) line 5639 + 9 bytes
MSVCRT! 7800a3c0()
KERNEL32! 77e8758a()

Adding the following lines
    if ( ctx == 0 || key == 0 )
    {
        return NULL;
    }
before the for-loop in ap_ctx_get() seems to solve the problem
and works just fine. Don't know the code well enough to know if this has any
side effects, though... Any ideas if it does? Is the bugfix really that simple
or is there something going wrong somewhere else in the module causing the
request_rec structure to contain only NULL elements?

  Josef.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
