get rid of SSL_get_app_data2_idx() which had a race condition when

writing to app_data2_idx, and another inside OpenSSL when calling
SSL_get_ex_new_index().
add SSL_init_app_data2_idx() to provide the same functionality but in
a safe place: called during ssl_init_Module
PR:
Obtained from:
Submitted by:
Reviewed by:

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92110 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index 2e5d27fe3ba17f97fe028207e9e0beb64f06481f..02c68b9d6035a21c39e65f553a82db3296f7c8b1 100644 (file)
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -264,6 +264,7 @@ void ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
     ap_add_version_component(p, ssl_var_lookup(p, s, NULL, NULL, "SSL_VERSION_INTERFACE"));
     ap_add_version_component(p, ssl_var_lookup(p, s, NULL, NULL, "SSL_VERSION_LIBRARY"));
 
+    SSL_init_app_data2_idx(); /* for SSL_get_app_data2() at request time */
     return;
 }
 

diff --git a/modules/ssl/ssl_util_ssl.c b/modules/ssl/ssl_util_ssl.c
index 8f3f8fe2d5b81c61604f043d727b162a4072a1f6..cc5d6cf04bda9712c83808f26cde44da0aac5dc7 100644 (file)
--- a/modules/ssl/ssl_util_ssl.c
+++ b/modules/ssl/ssl_util_ssl.c
@@ -65,27 +65,39 @@
 **  _________________________________________________________________
 */
 
-int SSL_get_app_data2_idx(void)
+/* we initialize this index at startup time
+ * and never write to it at request time,
+ * so this static is thread safe.
+ * also note that OpenSSL increments at static variable when
+ * SSL_get_ex_new_index() is called, so we _must_ do this at startup.
+ */
+static int SSL_app_data2_idx = -1;
+
+void SSL_init_app_data2_idx(void)
 {
-   static int app_data2_idx = -1;
-
-   if (app_data2_idx < 0) {
-      app_data2_idx = SSL_get_ex_new_index(0,
-           "Second Application Data for SSL", NULL, NULL, NULL);
-      app_data2_idx = SSL_get_ex_new_index(0,
-           "Second Application Data for SSL", NULL, NULL, NULL);
-   }
-   return(app_data2_idx);
+    int i;
+
+    if (SSL_app_data2_idx > -1) {
+        return;
+    }
+
+    /* we _do_ need to call this twice */
+    for (i=0; i<=1; i++) {
+        SSL_app_data2_idx =
+            SSL_get_ex_new_index(0,
+                                 "Second Application Data for SSL",
+                                 NULL, NULL, NULL);
+    }
 }
 
 void *SSL_get_app_data2(SSL *ssl)
 {
-    return (void *)SSL_get_ex_data(ssl, SSL_get_app_data2_idx());
+    return (void *)SSL_get_ex_data(ssl, SSL_app_data2_idx);
 }
 
 void SSL_set_app_data2(SSL *ssl, void *arg)
 {
-    SSL_set_ex_data(ssl, SSL_get_app_data2_idx(), (char *)arg);
+    SSL_set_ex_data(ssl, SSL_app_data2_idx, (char *)arg);
     return;
 }
 

diff --git a/modules/ssl/ssl_util_ssl.h b/modules/ssl/ssl_util_ssl.h
index 31acd897dc3c35fe47aa4b6cc81978039ec66b86..ec6086a335be4ebd900ffee39ca51f6713c136ab 100644 (file)
--- a/modules/ssl/ssl_util_ssl.h
+++ b/modules/ssl/ssl_util_ssl.h
@@ -91,7 +91,7 @@
 /*  
  *  Additional Functions
  */
-int         SSL_get_app_data2_idx(void);
+void        SSL_init_app_data2_idx(void);
 void       *SSL_get_app_data2(SSL *);
 void        SSL_set_app_data2(SSL *, void *);
 X509       *SSL_read_X509(char *, X509 **, int (*)(char*,int,int,void*));