Hi,

This works on Linux 2.2.16 and Linux 2.4.19.

Thanks

Burkhard

On Fri, 21 Mar 2003, Ralf S. Engelschall wrote:

> On Fri, Mar 21, 2003, Ralf S. Engelschall wrote:
> 
> > > I can see the same segmentation fault :
> > [...]
> 
> Ok, can the people who are able to reproduce the segfault problem,
> please apply the following patch, retry it and give feedback? I think
> these two bugfixes should fix the problem now. If yes, I'll release
> mod_ssl 2.8.14 with it. Thanks for your help.
> 
> Index: ssl_engine_kernel.c
> ===================================================================
> RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/ssl_engine_kernel.c,v
> retrieving revision 1.136
> diff -u -d -r1.136 ssl_engine_kernel.c
> --- ssl_engine_kernel.c       19 Nov 2002 13:57:01 -0000      1.136
> +++ ssl_engine_kernel.c       21 Mar 2003 12:39:47 -0000
> @@ -1048,13 +1048,15 @@
>                          "Re-negotiation handshake failed: Client verification 
> failed");
>                  return FORBIDDEN;
>              }
> +            cert = SSL_get_peer_certificate(ssl);
>              if (   dc->nVerifyClient == SSL_CVERIFY_REQUIRE
> -                && (cert = SSL_get_peer_certificate(ssl)) == NULL) {
> +                && cert == NULL) {
>                  ssl_log(r->server, SSL_LOG_ERROR,
>                          "Re-negotiation handshake failed: Client certificate 
> missing");
> -                X509_free(cert);
>                  return FORBIDDEN;
>              }
> +            if (cert != NULL)
> +                X509_free(cert);
>          }
>      }
> 
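Review bot: In the added `if (cert != NULL) X509_free(cert);` at the end of the block, `cert` keeps its old value after the reference is released, so any later read of `cert` in this function (not visible in this hunk) would touch a certificate this code no longer owns. Setting `cert = NULL;` right after the free, or using a block-local variable for this presence check, would rule that out. A one-line comment at `cert = SSL_get_peer_certificate(ssl);` saying that the call returns a reference the caller must release would match the ownership comment added in ssl_engine_vars.c and explain why the free now also runs when verification succeeds.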
> Index: ssl_engine_vars.c
> ===================================================================
> RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/ssl_engine_vars.c,v
> retrieving revision 1.53
> diff -u -d -r1.53 ssl_engine_vars.c
> --- ssl_engine_vars.c 29 Oct 2002 13:00:46 -0000      1.53
> +++ ssl_engine_vars.c 21 Mar 2003 12:40:12 -0000
> @@ -322,7 +322,9 @@
>      else if (ssl != NULL && strlen(var) > 7 && strcEQn(var, "SERVER_", 7)) {
>          if ((xs = SSL_get_certificate(ssl)) != NULL) {
>              result = ssl_var_lookup_ssl_cert(p, xs, var+7);
> -            X509_free(xs);
> +            /* SSL_get_certificate() as of OpenSSL 0.9.7a does not increment
> +               the reference count the same way SSL_get_peer_certificate does,
> +               so no need to X509_free(xs) the stuff here. */
>          }
>      }
>      return result;
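Review bot: The new comment in the `SERVER_` branch pins the behaviour to "as of OpenSSL 0.9.7a", which leaves open whether `SSL_get_certificate()` returned an owned reference in the older OpenSSL releases this module is built against. If the behaviour is the same in all of them, drop the version qualifier and state the rule directly (the returned `X509` is borrowed from `ssl` and must not be freed here); if it differs, removing `X509_free(xs)` unconditionally would leak on those versions and needs a version guard.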
> 
>                                        Ralf S. Engelschall
>                                        [EMAIL PROTECTED]
>                                        www.engelschall.com
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      [EMAIL PROTECTED]
> Automated List Manager                            [EMAIL PROTECTED]
> 
