On 02/11/2016 03:57 PM, yla...@apache.org wrote:
> Author: ylavic
> Date: Thu Feb 11 14:57:04 2016
> New Revision: 1729847
> 
> URL: http://svn.apache.org/viewvc?rev=1729847&view=rev
> Log:
> mod_proxy: follow up to r1729826: really copy conn->ssl_hostname.
> 
> Modified:
>     httpd/httpd/trunk/modules/proxy/proxy_util.c

In general this looks fine. We only run into trouble if something provided in the
Host header is longer than PROXY_WORKER_MAX_HOSTNAME_SIZE (in case of
ProxyPreserveHost on). Then we lose the SNI hostname on these requests.
Probably never happens, but could be fun to debug if it happens :-).
So probably HUGE_STRING_LEN would be better, but a huge waste of stack
resources in most cases for sure.

Regards

Rüdiger

> 
> Modified: httpd/httpd/trunk/modules/proxy/proxy_util.c
> URL: 
> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/proxy_util.c?rev=1729847&r1=1729846&r2=1729847&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/proxy/proxy_util.c (original)
> +++ httpd/httpd/trunk/modules/proxy/proxy_util.c Thu Feb 11 14:57:04 2016
> @@ -2721,14 +2721,20 @@ PROXY_DECLARE(int) ap_proxy_connect_back
>               * restore any ssl_hostname for this connection set earlier by
>               * ap_proxy_determine_connection().
>               */
> -            const char *ssl_hostname = conn->ssl_hostname;
> +            char ssl_hostname[PROXY_WORKER_MAX_HOSTNAME_SIZE];
> +            if (!conn->ssl_hostname || PROXY_STRNCPY(ssl_hostname,
> +                                                     conn->ssl_hostname)) {
> +                ssl_hostname[0] = '\0';
> +            }
>  
>              socket_cleanup(conn);
>              ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00951)
>                           "%s: backend socket is disconnected.",
>                           proxy_function);
>  
> -            conn->ssl_hostname = apr_pstrdup(conn->scpool, ssl_hostname);
> +            if (ssl_hostname[0]) {
> +                conn->ssl_hostname = apr_pstrdup(conn->scpool, ssl_hostname);
> +            }
>          }
>      }
>      while ((backend_addr || conn->uds_path) && !connected) {
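Review bot: the failure branch of the copy (`PROXY_STRNCPY(...)` returning non-zero, then `ssl_hostname[0] = '\0'`) drops the saved name silently, and the later `if (ssl_hostname[0])` then skips the restore, so a hostname that does not fit in PROXY_WORKER_MAX_HOSTNAME_SIZE loses its SNI value on reconnect with nothing in the log. Consider emitting an ap_log_error line in that branch, next to the existing "backend socket is disconnected" message, so the case is diagnosable. Also note that the old code always assigned conn->ssl_hostname after socket_cleanup(conn), while the new code leaves the field as socket_cleanup() left it when the buffer is empty; an explicit else that sets it to NULL would make that state clear at this site instead of relying on what socket_cleanup() does.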
> 
> 
> 
