Hi all,
On May 10, 2004 05:04 pm, Mathihalli, Madhusudan wrote:
> mod_ssl dumps core when you specify a low cache size (Ex. 10000)
> OR in a manner similar to Bug 27751. In both the cases, the problem
> arises because of an incorrect/incomplete assumption about the size of
> the session data in the cache. The session when stored in the cache can
> be a maximum of SSL_SESSION_MAX_DER bytes - however, it's NOT safe to
> copy SSL_SESSION_MAX_DER bytes back from the cache when we're trying to
> retrieve the session id.
>
> The following patch fixes the assumption by including a new 'size'
> variable in the cache to store the correct size of the session data -
> so that it can be used for retrieval.
>
> Any comments?
Just one :-) I hadn't been particularly clear about something so wires may
have got crossed, there is a second patch lurking around and its purpose
is overlapped with the one you posted. The patch you sent reduces the
memcpy() overhead to the minimum required whereas previously it was
pegged at the maximum possible. The cost for that is the addition of
another member variable in the index structure. However the use of
"maximal" memcpy over "minimum" memcpy was not the bug, just an
inelegance of the code. The real bug was that no check was being made
that the size of the desired memcpy was less than the size of the
(sub-)cache, no matter whether it was maximal or minimal! :-) I think the
bug would have been triggered by maximal and minimal scenarios, provided
you used small enough cache sizes (less than 256kb) and waited long
enough.
That second patch is attached to this mail - it is the necessary fix to
the bug. The other patch is a slight improvement in efficiency (and code
quality) and would also be useful if it's considered solid enough, but it
should be independent of the fix.
Cheers,
Geoff
--
Geoff Thorpe
[EMAIL PROTECTED]
http://www.geoffthorpe.net/
diff -urN httpd-2.0.49/modules/ssl/ssl_scache_shmcb.c httpd-2.0.49-patched/modules/ssl/ssl_scache_shmcb.c
--- httpd-2.0.49/modules/ssl/ssl_scache_shmcb.c 2004-02-09 15:53:20.000000000 -0500
+++ httpd-2.0.49-patched/modules/ssl/ssl_scache_shmcb.c 2004-03-25 21:41:45.000000000 -0500
@@ -848,6 +848,9 @@
unsigned int dest_offset,
unsigned char *src, unsigned int src_len)
{
+ /* Cover the case that src_len > buf_size */
+ if(src_len > buf_size)
+ src_len = buf_size;
/* Can it be copied all in one go? */
if (dest_offset + src_len < buf_size)
/* yes */
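Review bot: The clamp added at the top of this write-side copy ("if(src_len > buf_size) src_len = buf_size;") turns an oversized write into a silent truncation: the copy stays inside the buffer, but the caller is never told that only part of src was stored. Consider failing the request instead (return an error, or have the caller refuse entries larger than the sub-cache before calling). Nothing in the visible lines bounds dest_offset against buf_size either, so the clamp alone does not cover a bad offset. Style: the context lines write "if (" with a space, the added line uses "if(".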
@@ -871,6 +874,9 @@
unsigned int src_offset,
unsigned int src_len)
{
+ /* Cover the case that src_len > buf_size */
+ if(src_len > buf_size)
+ src_len = buf_size;
/* Can it be copied all in one go? */
if (src_offset + src_len < buf_size)
/* yes */
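Review bot: In this read-side hunk the clamp on src_len lets the function copy fewer bytes than the caller asked for without reporting it, so the caller goes on to use a destination buffer whose tail was never written. Returning a failure when src_len > buf_size, so that the caller can treat the entry as a cache miss, would be safer than a short copy. src_offset is not bounded by the added check; if it can reach buf_size the copy would still start outside the buffer.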
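The check described in the reply above (the copy length must fit inside the sub-cache), as an added example that is not part of the original mail or of mod_ssl: a cyclic-buffer write/read pair that rejects an oversized or out-of-range request instead of copying. The names cyclic_check, cyclic_write, cyclic_read and cyclic_demo are hypothetical, and the buffer contents are constructed.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (not mod_ssl's): 0 if a copy of len bytes starting at
 * offset is valid for a cyclic buffer of buf_size bytes, -1 otherwise. */
static int cyclic_check(size_t buf_size, size_t offset, size_t len)
{
    return (offset < buf_size && len <= buf_size) ? 0 : -1;
}

/* Copy src into the cyclic buffer at dest_offset, wrapping at the end. */
int cyclic_write(unsigned char *buf, size_t buf_size, size_t dest_offset,
                 const unsigned char *src, size_t src_len)
{
    if (cyclic_check(buf_size, dest_offset, src_len) != 0)
        return -1;                            /* reject, never truncate */
    size_t first = buf_size - dest_offset;    /* bytes before the wrap point */
    if (first > src_len)
        first = src_len;
    memcpy(buf + dest_offset, src, first);
    memcpy(buf, src + first, src_len - first); /* wrapped part, may be 0 */
    return 0;
}

/* Copy src_len bytes out of the cyclic buffer starting at src_offset. */
int cyclic_read(unsigned char *dest, const unsigned char *buf,
                size_t buf_size, size_t src_offset, size_t src_len)
{
    if (cyclic_check(buf_size, src_offset, src_len) != 0)
        return -1;                            /* caller treats this as a miss */
    size_t first = buf_size - src_offset;
    if (first > src_len)
        first = src_len;
    memcpy(dest, buf + src_offset, first);
    memcpy(dest + first, buf, src_len - first);
    return 0;
}

/* Constructed self-check: a 6-byte record at offset 5 of an 8-byte buffer. */
int cyclic_demo(void)
{
    unsigned char ring[8] = {0}, out[16] = {0};
    const unsigned char rec[6] = {'s', 'e', 's', 's', 'i', 'd'}, big[9] = {0};
    if (cyclic_write(ring, sizeof ring, 5, rec, sizeof rec) != 0) return 1;
    if (cyclic_read(out, ring, sizeof ring, 5, sizeof rec) != 0) return 2;
    if (memcmp(out, rec, sizeof rec) != 0) return 3;
    if (cyclic_write(ring, sizeof ring, 0, big, sizeof big) != -1) return 4;
    return cyclic_read(out, ring, sizeof ring, 8, 1) == -1 ? 0 : 5;
}
```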