From 63068880fa02194d3ddc0862a335524fbb5da39a Mon Sep 17 00:00:00 2001 From: Christophe Jaillet Date: Fri, 9 Jan 2015 20:51:03 +0000 Subject: [PATCH] Merge r1630947, r1645670 from trunk * mod_ssl: Check if we are having an SSL connection before looking up SSL related variables during expression evaluation to avoid a crash. If not return NULL as ssl_var_lookup_ssl does by default. PR 57070 Submitted by: rpluem Reviewed by: jailletc36, ylavic, covener Backported by: jailletc36 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1650659 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 5 ++++- STATUS | 8 -------- modules/ssl/ssl_engine_vars.c | 4 +++- 3 files changed, 7 insertions(+), 10 deletions(-) diff --git a/CHANGES b/CHANGES index e85df51f2b..689a888378 100644 --- a/CHANGES +++ b/CHANGES @@ -22,8 +22,11 @@ Changes with Apache 2.4.11 request headers earlier. Adds "MergeTrailers" directive to restore legacy behavior. [Edward Lu, Yann Ylavic, Joe Orton, Eric Covener] + *) mod_ssl: Do not crash when looking up SSL related variables during + expression evaluation on non SSL connections. PR 57070 [Ruediger Pluem] + *) mod_proxy_ajp: Fix handling of the default port (8009) in the - ProxyPass and configurations. PR 57259. [Yann Ylavic]. + ProxyPass and configurations. PR 57259. [Yann Ylavic] *) mpm_event: Avoid a possible use after free when notifying the end of connection during lingering close. PR 57268. [Eric Covener, Yann Ylavic] diff --git a/STATUS b/STATUS index a4419f9c7d..1cc9042203 100644 --- a/STATUS +++ b/STATUS @@ -104,14 +104,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - * mod_ssl: Check if we are having an SSL connection before looking up SSL - related variables during expression evaluation to avoid a crash. - If not return NULL as ssl_var_lookup_ssl does by default. PR 57070 - trunk patch: http://svn.apache.org/r1630947 - http://svn.apache.org/r1645670 - 2.4.x patch: trunk works (modulo CHANGES) - +1: jailletc36, ylavic, covener - * mod_proxy_fcgi: Ignore body data from backend for 304 responses. PR 57198. trunk patch: http://svn.apache.org/r1640495 http://svn.apache.org/r1644031 diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c index 97ff211d9c..695bc14b14 100644 --- a/modules/ssl/ssl_engine_vars.c +++ b/modules/ssl/ssl_engine_vars.c @@ -73,7 +73,9 @@ static apr_array_header_t *expr_peer_ext_list_fn(ap_expr_eval_ctx_t *ctx, static const char *expr_var_fn(ap_expr_eval_ctx_t *ctx, const void *data) { char *var = (char *)data; - return ssl_var_lookup_ssl(ctx->p, ctx->c, ctx->r, var); + SSLConnRec *sslconn = myConnConfig(ctx->c); + + return sslconn ? ssl_var_lookup_ssl(ctx->p, ctx->c, ctx->r, var) : NULL; } static int ssl_expr_lookup(ap_expr_lookup_parms *parms) -- 2.40.0