From: Christophe Jaillet <jailletc36@apache.org>
Date: Fri, 9 Jan 2015 20:51:03 +0000 (+0000)
Subject: Merge r1630947, r1645670 from trunk
X-Git-Tag: 2.4.11~44
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=63068880fa02194d3ddc0862a335524fbb5da39a;p=apache

Merge r1630947, r1645670 from trunk

   * mod_ssl: Check if we are having an SSL connection before looking up SSL
              related variables during expression evaluation to avoid a crash.
              If not return NULL as ssl_var_lookup_ssl does by default.  PR 57070

Submitted by: rpluem
Reviewed by: jailletc36, ylavic, covener
Backported by: jailletc36

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1650659 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index e85df51f2b..689a888378 100644
--- a/CHANGES
+++ b/CHANGES
@@ -22,8 +22,11 @@ Changes with Apache 2.4.11
      request headers earlier.  Adds "MergeTrailers" directive to restore
      legacy behavior.  [Edward Lu, Yann Ylavic, Joe Orton, Eric Covener]
 
+  *) mod_ssl: Do not crash when looking up SSL related variables during
+     expression evaluation on non SSL connections. PR 57070  [Ruediger Pluem]
+
   *) mod_proxy_ajp: Fix handling of the default port (8009) in the
-     ProxyPass and <Proxy> configurations.  PR 57259.  [Yann Ylavic].
+     ProxyPass and <Proxy> configurations.  PR 57259.  [Yann Ylavic]
 
   *) mpm_event: Avoid a possible use after free when notifying the end of
      connection during lingering close.  PR 57268.  [Eric Covener, Yann Ylavic]
diff --git a/STATUS b/STATUS
index a4419f9c7d..1cc9042203 100644
--- a/STATUS
+++ b/STATUS
@@ -104,14 +104,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-   * mod_ssl: Check if we are having an SSL connection before looking up SSL
-              related variables during expression evaluation to avoid a crash.
-              If not return NULL as ssl_var_lookup_ssl does by default.  PR 57070
-     trunk patch: http://svn.apache.org/r1630947
-                  http://svn.apache.org/r1645670
-     2.4.x patch: trunk works (modulo CHANGES)
-     +1: jailletc36, ylavic, covener
-
    * mod_proxy_fcgi: Ignore body data from backend for 304 responses. PR 57198.
      trunk patch: http://svn.apache.org/r1640495
                   http://svn.apache.org/r1644031
diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c
index 97ff211d9c..695bc14b14 100644
--- a/modules/ssl/ssl_engine_vars.c
+++ b/modules/ssl/ssl_engine_vars.c
@@ -73,7 +73,9 @@ static apr_array_header_t *expr_peer_ext_list_fn(ap_expr_eval_ctx_t *ctx,
 static const char *expr_var_fn(ap_expr_eval_ctx_t *ctx, const void *data)
 {
     char *var = (char *)data;
-    return ssl_var_lookup_ssl(ctx->p, ctx->c, ctx->r, var);
+    SSLConnRec *sslconn = myConnConfig(ctx->c);
+
+    return sslconn ? ssl_var_lookup_ssl(ctx->p, ctx->c, ctx->r, var) : NULL;
 }
 
 static int ssl_expr_lookup(ap_expr_lookup_parms *parms)