| Field | Value |
|---|---|
| Summary | SEGV if the client is connecting plain to an SSL-enabled port |
| Product | Apache httpd-2 |
| Reporter | keilh <hartmut.keil> |
| Component | mod_ssl |
| Assignee | Apache HTTPD Bugs Mailing List <bugs> |
| Status | RESOLVED FIXED |
| Severity | major |
| Priority | P2 |
| Version | 2.5-HEAD |
| Target Milestone | --- |
| Hardware | Other |
| OS | other |
| Attachments | Patch against 2.0.x |
Description (keilh, 2005-12-05 17:04:52 UTC)
Thanks for the report, this has been fixed on the trunk: http://svn.apache.org/viewcvs.cgi?rev=354394&view=rev

Created attachment 17393 [details]: Patch against 2.0.x

Proposed for backport to 2.2.x as r355720 (http://svn.apache.org/viewcvs.cgi?rev=355720&view=rev) and proposed for backport to 2.0.x as r368152 (http://svn.apache.org/viewcvs.cgi?rev=368152&view=rev). There is also a CVE ID for this bug: CAN-2005-3357

Doesn't the same problem also appear at the very beginning of ssl_hook_Fixup()?

    if (!(sc->enabled && sslconn && (ssl = sslconn->ssl)))

should become

    if ( !sc->enabled || !sslconn || (ssl != sslconn->ssl) )

Right?

(In reply to comment #4)
> if (!(sc->enabled && sslconn && (ssl = sslconn->ssl)))
> should become
> if ( !sc->enabled || !sslconn || (ssl != sslconn->ssl) )
>
> Right ?

No.

1. Your version is nearly the same as above because

    !(sc->enabled && sslconn && (ssl = sslconn->ssl))

is equal to

    !sc->enabled || !sslconn || !(ssl == sslconn->ssl)

Keep in mind that `ssl = sslconn->ssl` and `ssl == sslconn->ssl` are different things. So the original condition becomes true if sslconn->ssl is equal to NULL, which is only checked if sslconn is different from NULL. But I need to check on the trunk where the current condition is somewhat different and maybe also wrong. So thanks for the pointer.

Meanwhile I checked the slightly different condition on trunk and 2.2.x and they are also correct.

I read too fast, sorry :-(
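As an added illustration of the point made in the reply above (this is not code from the bug thread or from httpd itself): the original guard with the assignment inside `&&` short-circuits before touching `sslconn->ssl` and declines when that handle is NULL, while the `!=` rewrite from comment #4 lets a NULL handle through. The struct types, `fixup_must_decline`, `proposed_must_decline` and the scenario drivers are constructed stand-ins, not mod_ssl's real `SSLSrvConfigRec`/`SSLConnRec`.

```c
#include <stddef.h>

/* Constructed stand-ins for mod_ssl's per-server and per-connection
 * records; only the two fields the guard touches are modelled. */
typedef struct { int enabled; } srv_conf_t;   /* sc->enabled */
typedef struct { void *ssl; } conn_rec_t;     /* sslconn->ssl */

/* Mirrors the guard at the top of ssl_hook_Fixup():
 *   if (!(sc->enabled && sslconn && (ssl = sslconn->ssl))) return DECLINED;
 * Returns 1 when the hook must bail out, 0 when *ssl_out holds a handle.
 * && short-circuits, so sslconn->ssl is read only once sslconn is known
 * to be non-NULL, and a NULL handle (plain-HTTP client on an SSL port)
 * makes the assignment evaluate to 0, so the hook declines. */
int fixup_must_decline(const srv_conf_t *sc, const conn_rec_t *sslconn, void **ssl_out)
{
    void *ssl = NULL;
    if (!(sc->enabled && sslconn && (ssl = sslconn->ssl))) {
        return 1;
    }
    *ssl_out = ssl;
    return 0;
}

/* The rewrite suggested in comment #4 ('!=' instead of '='). The local
 * 'ssl' has not been assigned yet at this point, so when both it and
 * sslconn->ssl are NULL the comparison is false and the NULL handle is
 * let through instead of declining. */
int proposed_must_decline(const srv_conf_t *sc, const conn_rec_t *sslconn, void *ssl)
{
    return !sc->enabled || !sslconn || (ssl != sslconn->ssl);
}

static int fake_handle;   /* stands in for a real SSL* (constructed) */
/* Scenario drivers: enabled flag, whether a connection record exists,
 * whether it carries an SSL handle. Each returns 1 for "declined". */
int original_declines(int enabled, int have_conn, int have_ssl)
{
    srv_conf_t sc = { enabled };
    conn_rec_t conn = { have_ssl ? (void *)&fake_handle : NULL };
    void *out = NULL;
    return fixup_must_decline(&sc, have_conn ? &conn : NULL, &out);
}

int proposed_declines(int enabled, int have_conn, int have_ssl)
{
    srv_conf_t sc = { enabled };
    conn_rec_t conn = { have_ssl ? (void *)&fake_handle : NULL };
    return proposed_must_decline(&sc, have_conn ? &conn : NULL, NULL);
}
```

The case `original_declines(1, 1, 0)` is the bug scenario from the summary (SSL enabled, connection record present, no handle); the original guard declines it, the `!=` variant does not.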