RE: Apache 1.3.26 + mod_ssl 2.8.10 dumps core

RE: Apache 1.3.26 + mod_ssl 2.8.10 dumps core

am 09.08.2002 02:16:49 von madhusudan_mathihalli

Sorry for this blast-o-gram. I realized that the patch that I'd posted was
totally a wrong one - and did not achieve what it was meant for :-(.
For those interested, here's something which is pretty close to what I'd
intented).

Thanks
-Madhu

diff -ru mod_ssl-2.8.10-1.3.26/pkg.sslmod/ssl_engine_io.c
apache_1.3.26/src/modules/ssl/ssl_engine_io.c
--- mod_ssl-2.8.10-1.3.26/pkg.sslmod/ssl_engine_io.c Fri Aug 2 13:44:24
2002
+++ apache_1.3.26/src/modules/ssl/ssl_engine_io.c Thu Aug 8 16:38:09
2002
@@ -346,6 +346,14 @@

if ((ssl = ap_ctx_get(fb->ctx, "ssl")) != NULL) {
rc = SSL_read(ssl, buf, len);
+
+ c = (conn_rec *)SSL_get_app_data(ssl);
+ if (c->aborted) {
+ ssl->rwstate = SSL_NOTHING;
+ ssl_hook_CloseConnection(c);
+ return -1;
+ }
+
/*
* Simulate an EINTR in case OpenSSL wants to read more.
* (This is usually the case when the client forces an SSL
@@ -380,6 +388,14 @@

if ((ssl = ap_ctx_get(fb->ctx, "ssl")) != NULL) {
rc = SSL_write(ssl, buf, len);
+
+ c = (conn_rec *)SSL_get_app_data(ssl);
+ if (c->aborted) {
+ ssl->rwstate = SSL_NOTHING;
+ ssl_hook_CloseConnection(c);
+ return -1;
+ }
+
/*
* Simulate an EINTR in case OpenSSL wants to write more.
*/
diff -ru mod_ssl-2.8.10-1.3.26/pkg.sslmod/ssl_engine_kernel.c
apache_1.3.26/src/
modules/ssl/ssl_engine_kernel.c
--- mod_ssl-2.8.10-1.3.26/pkg.sslmod/ssl_engine_kernel.c Fri Aug 2
13:44
:24 2002
+++ apache_1.3.26/src/modules/ssl/ssl_engine_kernel.c Thu Aug 8 16:19:31
2002
@@ -457,6 +457,9 @@
if (ssl == NULL)
return;

+ if (SSL_want_read(ssl) || SSL_want_write(ssl))
+ return;
+
/*
* First make sure that no more data is pending in Apache's BUFF,
* because when it's (implicitly) flushed later by the ap_bclose()


------------------------------------------------------------ ----------------
---


-----Original Message-----
From: MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)
[mailto:madhusudan_mathihalli@hp.com]
Sent: Sunday, August 04, 2002 10:08 AM
To: 'dev@httpd.apache.org'
Cc: 'modssl-users@modssl.org'
Subject: [PATCH - Apache 1.3] Apache 1.3.26 + mod_ssl 2.8.10 dumps core


Hi,
I'm not sure whom to approach for this problem - so I'm sending it
to both the mailing lists. Here's a pretty easy way to reproduce the SEGV
that I'm experiencing (on HP-UX 11.0 / 11i)

1. Download OpenSSL 0.9.6e, Apache 1.3.26 and mod_ssl 2.8.10
2. Build and install Apache (ofcourse with mod_ssl capability)
3. Set the Timeout to 20 secs (pl. note it's the hard timeout and not the
keepalive / SSLSessionCacheTimeout)
4. Create a simple HTML file (/opt/apache/htdocs/a.html) as follows :
-----------------------------------------------

side_menu.htm





------------------------------------------------
5. And ofcourse, create /opt/apache/htdocs/10mb.pdf file.
6. Start Apache with SSL capability, and access the URL
https://servername/a.html (Client browser was Win2K box/IE 5.5).
7. Right click on "pdf-test", and select the "Save as" tab. This should
bring up the "Save As" dialog box.
8. Don't do any thing - and you'll see a SEGV in /opt/apache/logs/error_log
after about 20 secs.

Now, is this the expected behavior? I don't believe so. A closer
investigation seemed that mod_SSL had nothing to do with the core dump. It's
the way a aborted connection was handled.

The following patch seemed to resolve the core dump issue for me - but I
don't believe it's the correct fix. Can somebody please evaluate the patch
and let me know if it's okay? Also, I've not evaluated the side-effects of
doing such a thing.
[I don't know what's the difference b/w hard timeout and soft timeout - in
the sense where/how should it be used. It'd be great if somebody could
explain the difference]

Thanks
-Madhu

$ cvs diff http_protocol.c
Index: http_protocol.c
============================================================ =======
RCS file: /home/cvspublic/apache-1.3/src/main/http_protocol.c,v
retrieving revision 1.325
diff -u -r1.325 http_protocol.c
--- http_protocol.c 9 Jul 2002 15:26:26 -0000 1.325
+++ http_protocol.c 4 Aug 2002 16:54:45 -0000
@@ -2362,7 +2362,7 @@
if (length == 0)
return 0;

- ap_soft_timeout("send body", r);
+ ap_hard_timeout("send body", r);

while (!r->connection->aborted) {
if ((length > 0) && (total_bytes_sent + IOBUFSIZE) > length)
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org