Using Apache 1.3.12 with mod_ssl 2.6.4 on NT.

I created a certificate key with a password. When I started Apache, it
asked for the pass phrase. Then I connected to the server from a
Netscape browser (using the httpds port). It went through the
certificate check and before displaying the server page the child
process died with a segmentation error.

Running the server under debug and using the -X option, I could see
that it was dying in ssl_log and was called from ssl_io_suck_read. In
ssl_io_suck_read, I noticed that len is truncated to no more than
ss->pendlen but then ss->pendptr is copied to buf (see code segment
below). I added another check to truncate len if it was longer than
buf.

Recompiling this change and running the server again, everything worked
fine.

Does this make sense to people who know the code better than me?

Thanks,
Bruce

(line 263)
    rv = -1;
    if (r != NULL) {
        ss = ap_ctx_get(r->ctx, "ssl::io::suck");
        if (ss != NULL) {
            if (ss->active && ss->pendlen > 0) {
                /* ok, there is pre-sucked data */
                len = (ss->pendlen > len ? len : ss->pendlen);
                /* here is where I add my check for strlen(buf) < len */
                memcpy(buf, ss->pendptr, len);
                ss->pendptr += len;
                ss->pendlen -= len;
                ssl_log(r->server, SSL_LOG_TRACE,
                        "I/O: injecting %d bytes of pre-sucked data "
                        "into Apache I/O layer", len);
                rv = len;
            }
        }
    }


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
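The bounds problem described in the post, as a stand-alone added example (not mod_ssl's code and not the poster's patch): a pre-read buffer is drained into a caller-supplied buffer, and the copy length is clamped by both the bytes still pending and the capacity the caller passes in. The `pending_t` type, `drain_pending()` and the sample request bytes are constructed here for illustration; the example takes the capacity as an explicit parameter because `strlen()` of an output buffer that has not been filled yet does not measure its size. A byte placed directly after the destination buffer acts as a canary to show the copy stays inside it.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the per-connection "suck" state: pendptr points
 * at data already read from the SSL layer but not yet handed to the I/O
 * layer, pendlen is how much of it is left. */
typedef struct {
    int active;
    const unsigned char *pendptr;
    size_t pendlen;
} pending_t;

/* Copy up to 'cap' bytes of pending data into buf.
 * Returns the number of bytes copied, or -1 when nothing is pending.
 * The length is bounded by BOTH the remaining pending data and the
 * caller's buffer capacity, so memcpy can never run past buf. */
long drain_pending(pending_t *ss, unsigned char *buf, size_t cap)
{
    size_t len;

    if (ss == NULL || buf == NULL || cap == 0)
        return -1;
    if (!ss->active || ss->pendlen == 0)
        return -1;

    len = (ss->pendlen < cap) ? ss->pendlen : cap;   /* clamp to both limits */
    memcpy(buf, ss->pendptr, len);
    ss->pendptr += len;
    ss->pendlen -= len;
    return (long)len;
}

/* Constructed sample: 14 bytes of pre-read request data. */
static const unsigned char SAMPLE[] = "GET / HTTP/1.0";

/* Drain SAMPLE through an 8-byte destination in successive calls and check
 * that the split is 8 + 6, that a further call reports nothing pending,
 * and that the canary byte right after the buffer is untouched.
 * Returns 1 on success, 0 on any failure. */
int demo_ok(void)
{
    struct {
        unsigned char buf[8];
        unsigned char canary;
    } dst;
    pending_t ss = { 1, SAMPLE, sizeof(SAMPLE) - 1 };
    long first, second, third;

    memset(dst.buf, 0, sizeof dst.buf);
    dst.canary = 0xAA;

    first  = drain_pending(&ss, dst.buf, sizeof dst.buf);
    second = drain_pending(&ss, dst.buf, sizeof dst.buf);
    third  = drain_pending(&ss, dst.buf, sizeof dst.buf);

    return first == 8 && second == 6 && third == -1
        && ss.pendlen == 0 && dst.canary == 0xAA;
}

int main(void)
{
    printf("drain_pending bounded correctly: %s\n", demo_ok() ? "yes" : "no");
    return demo_ok() ? 0 : 1;
}
```

The important design point is that the capacity comes from the caller as a separate argument: the destination buffer's size is known to whoever allocated it, not to the routine filling it, so the clamp has to use that value rather than anything inferred from the buffer's current contents.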