* modules/ssl/ssl_engine_io.c (ssl_io_input_read): Fix potential

infinite loop in ssl_io_input_getline if connection is aborted without
inctx->rc being set.

PR: 29964

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@104547 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index df7f2887de92fd8f26ec6f695dc2cf14ae61def0..5240dfb5b76aa79267db5d99f98316f7d4cc6c52 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,9 @@ Changes with Apache 2.1.0-dev
 
   [Remove entries to the current 2.0 section below, when backported]
 
+  *) SECURITY: CAN-2004-0748 (cve.mitre.org)
+     mod_ssl: Fix a potential infinite loop.  PR 29964.  [Joe Orton]
+
   *) mod_disk_cache: Implement binary format for on-disk header files.
      [Brian Akins <bakins web.turner.com>, Justin Erenkrantz]
 
@@ -20,7 +23,7 @@ Changes with Apache 2.1.0-dev
   *) Add load balancer support to the scoreboard in preparation for
      load balancing support in mod_proxy. [Mladen Turk]
 
-  *) mod_ssl: Build on RHEL 3. (RedHat bug: 82369.)  [Justin Erenkrantz]
+  *) mod_ssl: Build on RHEL 3.  PR 18989.  [Justin Erenkrantz]
 
   *) mod_nw_ssl: Added the directive NWSSLUpgradeable to mod_nw_ssl to 
      allow a non-secure connection to be upgraded to secure connections

diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c
index d48292c50e6a5dfb845bc62a5ebacd62daf57142..29e9a650f8c53d4fe8ee1bdd6b9f91324a1584e5 100644 (file)
--- a/modules/ssl/ssl_engine_io.c
+++ b/modules/ssl/ssl_engine_io.c
@@ -589,6 +589,10 @@ static apr_status_t ssl_io_input_read(bio_filter_in_ctx_t *inctx,
     while (1) {
 
         if (!inctx->filter_ctx->pssl) {
+            /* Ensure a non-zero error code is returned */
+            if (inctx->rc == APR_SUCCESS) {
+                inctx->rc = APR_EGENERAL;
+            }
             break;
         }