From 4f9c7fd3c4a7e914e28178e0ae84a855b70e132d Mon Sep 17 00:00:00 2001 From: Jim Jagielski Date: Mon, 12 Jan 2015 13:34:53 +0000 Subject: [PATCH] Merge r1601291, r1601630 from trunk: mod_proxy: Shutdown (eg. SSL close notify) the backend connection before closing. mod_proxy: follow up to r1601291. Since deferred_write_pool is needed by the core_output_filter and is a subpool of the connection, shutdown in a pre_cleanup of the connection's pool to avoid a freed memory access (SEGV). Reported By: takashi Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1651080 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 3 +++ modules/proxy/proxy_util.c | 32 ++++++++++++++++++++++++++++++++ 2 files changed, 35 insertions(+) diff --git a/CHANGES b/CHANGES index 0af2637707..324a86604e 100644 --- a/CHANGES +++ b/CHANGES @@ -246,6 +246,9 @@ Changes with Apache 2.4.10 *) mod_ssl: Ensure that the SSL close notify alert is flushed to the client. PR54998. [Tim Kosse , Yann Ylavic] + *) mod_proxy: Shutdown (eg. SSL close notify) the backend connection before + closing. [Yann Ylavic] + *) mod_auth_form: Add a debug message when the fields on a form are not recognised. [Graham Leggett] diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c index 1d3b8c0aa4..d89f44be08 100644 --- a/modules/proxy/proxy_util.c +++ b/modules/proxy/proxy_util.c @@ -2836,6 +2836,33 @@ PROXY_DECLARE(int) ap_proxy_connect_backend(const char *proxy_function, return connected ? OK : DECLINED; } +static apr_status_t connection_shutdown(void *theconn) +{ + proxy_conn_rec *conn = (proxy_conn_rec *)theconn; + conn_rec *c = conn->connection; + if (c) { + if (!c->aborted) { + apr_interval_time_t saved_timeout = 0; + apr_socket_timeout_get(conn->sock, &saved_timeout); + if (saved_timeout) { + apr_socket_timeout_set(conn->sock, 0); + } + + (void)ap_shutdown_conn(c, 0); + c->aborted = 1; + + if (saved_timeout) { + apr_socket_timeout_set(conn->sock, saved_timeout); + } + } + + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(02642) + "proxy: connection shutdown"); + } + return APR_SUCCESS; +} + + PROXY_DECLARE(int) ap_proxy_connection_create(const char *proxy_function, proxy_conn_rec *conn, conn_rec *c, @@ -2908,6 +2935,11 @@ PROXY_DECLARE(int) ap_proxy_connection_create(const char *proxy_function, } apr_socket_timeout_set(conn->sock, current_timeout); + /* Shutdown the connection before closing it (eg. SSL connections + * need to be close-notify-ed). + */ + apr_pool_pre_cleanup_register(conn->scpool, conn, connection_shutdown); + return OK; } -- 2.40.0