Ping, in anticipation of a 2.8.26 for 1.3.35 (are we expecting one?)
I didn't see any feedback, do any of the Apache guru's have comments? Any
clarifications? (I hope I made the specifics clear enough, below.)
Yours,
Bill
William A. Rowe, Jr. wrote:
Maintainers,
This patch addresses a still-outstanding flaw in mod_ssl, on *all* platforms.
However it's rarely evident on any platform other than Win32, because only Win32
recycles memory -so quickly- on other threads, that the cleanup cannot be
invoked.
Instead, in the LogRequest (request-is-done) hook is used to clean everything
up before r->pool goes poof.
Please, again consider this patch... I'm finished submitting through private
channels and would like the end-users to be able to take advantage of it
already.
Thanks.
Bill
--- mod_ssl.h 25 Oct 2005 04:32:42 -0000 1.1
+++ mod_ssl.h 25 Oct 2005 05:54:19 -0000 1.2
@@ -711,6 +711,7 @@
int ssl_hook_Fixup(request_rec *);
int ssl_hook_ReadReq(request_rec *);
int ssl_hook_Handler(request_rec *);
+int ssl_hook_LogRequest(request_rec *r);
/* OpenSSL callbacks */
RSA *ssl_callback_TmpRSA(SSL *, int, int);
--- mod_ssl.c 25 Oct 2005 04:32:46 -0000 1.1
+++ mod_ssl.c 25 Oct 2005 05:52:20 -0000 1.2
@@ -231,7 +231,7 @@
ssl_hook_Access, /* [#3] check access by host address */
NULL, /* [#6] determine MIME type */
ssl_hook_Fixup, /* [#7] pre-run fixups */
- NULL, /* [#9] log a transaction */
+ ssl_hook_LogRequest, /* [#9] log a transaction */
NULL, /* [#2] header parser */
ssl_init_Child, /* child_init */
NULL, /* child_exit */
--- ssl_engine_io.c 25 Oct 2005 04:32:28 -0000 1.1
+++ ssl_engine_io.c 25 Oct 2005 05:52:20 -0000 1.2
@@ -263,7 +263,7 @@
r = (request_rec *)ap_ctx_get(actx, "ssl::request_rec");
rv = -1;
- if (r != NULL) {
+ if (r != NULL && r->ctx != NULL) {
ss = ap_ctx_get(r->ctx, "ssl::io::suck");
if (ss != NULL) {
if (ss->active && ss->pendlen > 0) {
--- ssl_engine_kernel.c 25 Oct 2005 04:32:41 -0000 1.1
+++ ssl_engine_kernel.c 25 Oct 2005 05:52:20 -0000 1.2
@@ -542,6 +542,28 @@
}
/*
+ * Logging Handler, last chance at request_rec
+ */
+int ssl_hook_LogRequest(request_rec *r)
+{
+ SSL *ssl;
+ ap_ctx *apctx;
+
+ /* Mitigate potential damage of any invalid ssl::request_rec
+ * by clearing this datum prior to child_sub_main destroying
+ * our r->pool (and within in, our request_rec!!!)
+ */
+ ssl = ap_ctx_get(r->connection->client->ctx, "ssl");
+ if (ssl != NULL) {
+ apctx = SSL_get_app_data2(ssl);
+ if (apctx && ap_ctx_get(apctx, "ssl::request_rec")) {
+ ap_ctx_set(apctx, "ssl::request_rec", NULL);
+ }
+ }
+ return OK;
+}
+
+/*
* Post Read Request Handler
*/
int ssl_hook_ReadReq(request_rec *r)
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager [EMAIL PROTECTED]
