SSL_SESSION_id2sz() was NOT THREAD SAFE. it returned a pointer to a

static variable.  fixed.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93899 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index 5ae11afc0d81ae066aadd32501f3e316a3a85e35..7c5e11dfd985ddb4cec924393f60d308fafec280 100644 (file)
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -1606,11 +1606,14 @@ int ssl_callback_NewSessionCacheEntry(SSL *ssl, SSL_SESSION *session)
      * Log this cache operation
      */
     if (sc->nLogLevel >= SSL_LOG_TRACE) {
+        char buf[SSL_SESSION_ID_STRING_LEN];
+
         ssl_log(s, SSL_LOG_TRACE,
                 "Inter-Process Session Cache: "
                 "request=SET status=%s id=%s timeout=%ds (session caching)",
                 (rc == TRUE ? "OK" : "BAD"),
-                SSL_SESSION_id2sz(session_id, session_id_length),
+                SSL_SESSION_id2sz(session_id, session_id_length,
+                                  buf, sizeof(buf)),
                 (timeout - time(NULL)));
     }
 
@@ -1647,12 +1650,15 @@ SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *ssl,
      * Log this cache operation
      */
     if (sc->nLogLevel >= SSL_LOG_TRACE) {
+        char buf[SSL_SESSION_ID_STRING_LEN];
         const char *status = session ? "FOUND" : "MISSED";
         const char *re     = session ? "reuse" : "renewal";
 
         ssl_log(s, SSL_LOG_TRACE, "Inter-Process Session Cache: "
                 "request=GET status=%s id=%s (session %s)",
-                status, SSL_SESSION_id2sz(id, idlen), re);
+                status,
+                SSL_SESSION_id2sz(id, idlen, buf, sizeof(buf)),
+                re);
     }
 
     /*
@@ -1701,9 +1707,11 @@ void ssl_callback_DelSessionCacheEntry(SSL_CTX *ctx,
      * Log this cache operation
      */
     if (sc->nLogLevel >= SSL_LOG_TRACE) {
+        char buf[SSL_SESSION_ID_STRING_LEN];
         ssl_log(s, SSL_LOG_TRACE, "Inter-Process Session Cache: "
                 "request=REM status=OK id=%s (session dead)",
-                SSL_SESSION_id2sz(session_id, session_id_length));
+                SSL_SESSION_id2sz(session_id, session_id_length,
+                                  buf, sizeof(buf)));
     }
 
     return;

diff --git a/modules/ssl/ssl_util_ssl.c b/modules/ssl/ssl_util_ssl.c
index b68ed6685e16c6795d75b86cc00516b9d04b8a41..d3792a14e5b2b55e5f4c440a85daaa27ffcc05e7 100644 (file)
--- a/modules/ssl/ssl_util_ssl.c
+++ b/modules/ssl/ssl_util_ssl.c
@@ -535,15 +535,15 @@ int SSL_CTX_use_certificate_chain(
 **  _________________________________________________________________
 */
 
-char *SSL_SESSION_id2sz(unsigned char *id, int idlen)
+char *SSL_SESSION_id2sz(unsigned char *id, int idlen,
+                        char *str, int strsize)
 {
-    static char str[(SSL_MAX_SSL_SESSION_ID_LENGTH+1)*2];
     char *cp;
     int n;
 
     cp = str;
     for (n = 0; n < idlen && n < SSL_MAX_SSL_SESSION_ID_LENGTH; n++) {
-        apr_snprintf(cp, sizeof(str)-(cp-str), "%02X", id[n]);
+        apr_snprintf(cp, strsize - (cp-str), "%02X", id[n]);
         cp += 2;
     }
     *cp = NUL;

diff --git a/modules/ssl/ssl_util_ssl.h b/modules/ssl/ssl_util_ssl.h
index 150254de739144a87d208be8c62200a09bfbe216..66686fe39188f2ef3c94758d9c2d3eabe624b79f 100644 (file)
--- a/modules/ssl/ssl_util_ssl.h
+++ b/modules/ssl/ssl_util_ssl.h
@@ -80,6 +80,10 @@
  */
 #define SSL_SESSION_MAX_DER 1024*10
 
+/* max length for SSL_SESSION_id2sz */
+#define SSL_SESSION_ID_STRING_LEN \
+    ((SSL_MAX_SSL_SESSION_ID_LENGTH + 1) * 2)
+
 /*  
  *  Additional Functions
  */
@@ -100,6 +104,6 @@ BOOL        SSL_load_CrtAndKeyInfo_file(apr_pool_t *, STACK_OF(X509_INFO) *, cha
 BOOL        SSL_load_CrtAndKeyInfo_path(apr_pool_t *, STACK_OF(X509_INFO) *, char *);
 #endif /* SSL_EXPERIMENTAL_PROXY */
 int         SSL_CTX_use_certificate_chain(SSL_CTX *, char *, int, int (*)(char*,int,int,void*));
-char       *SSL_SESSION_id2sz(unsigned char *, int);
+char       *SSL_SESSION_id2sz(unsigned char *, int, char *, int);
 
 #endif /* __SSL_UTIL_SSL_H__ */