From b8c617afa547652b38a7200b67b32a5ba6c27434 Mon Sep 17 00:00:00 2001
From: Doug MacEachern
Date: Wed, 21 Nov 2001 22:58:28 +0000
Subject: [PATCH] get rid of SSL_get_app_data2_idx() which had a race condition when writing to app_data2_idx, and another inside OpenSSL when calling SSL_get_ex_new_index(). add SSL_init_app_data2_idx() to provide the same functionality but in a safe place: called during ssl_init_Module PR: Obtained from: Submitted by: Reviewed by:
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92110 13f79535-47bb-0310-9956-ffa450edef68
---
 modules/ssl/ssl_engine_init.c | 1 +
 modules/ssl/ssl_util_ssl.c | 36 +++++++++++++++++++++++------------
 modules/ssl/ssl_util_ssl.h | 2 +-
 3 files changed, 26 insertions(+), 13 deletions(-)
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index 2e5d27fe3b..02c68b9d60 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -264,6 +264,7 @@ void ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
 ap_add_version_component(p, ssl_var_lookup(p, s, NULL, NULL, "SSL_VERSION_INTERFACE"));
 ap_add_version_component(p, ssl_var_lookup(p, s, NULL, NULL, "SSL_VERSION_LIBRARY"));
+ SSL_init_app_data2_idx(); /* for SSL_get_app_data2() at request time */
 return;
 }
diff --git a/modules/ssl/ssl_util_ssl.c b/modules/ssl/ssl_util_ssl.c
index 8f3f8fe2d5..cc5d6cf04b 100644
--- a/modules/ssl/ssl_util_ssl.c
+++ b/modules/ssl/ssl_util_ssl.c
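Review bot: Any earlier return path in ssl_init_Module (modules/ssl/ssl_engine_init.c) would skip the new `SSL_init_app_data2_idx()` call, because it is placed just before the final `return;`, and after this commit the accessors in ssl_util_ssl.c no longer allocate the index on demand. The function body starts outside this hunk, so whether such a path exists cannot be confirmed from here. If nothing above depends on the current order, moving the call to the top of the function removes the question; otherwise the trailing comment could state the requirement, e.g. `/* must run on every init path, before any SSL_set_app_data2(); startup only, not thread safe */`.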
@@ -65,27 +65,39 @@
 ** _________________________________________________________________
 */
-int SSL_get_app_data2_idx(void)
+/* we initialize this index at startup time
+ * and never write to it at request time,
+ * so this static is thread safe.
+ * also note that OpenSSL increments at static variable when
+ * SSL_get_ex_new_index() is called, so we _must_ do this at startup.
+ */
+static int SSL_app_data2_idx = -1;
+
+void SSL_init_app_data2_idx(void)
 {
- static int app_data2_idx = -1;
-
- if (app_data2_idx < 0) {
- app_data2_idx = SSL_get_ex_new_index(0,
- "Second Application Data for SSL", NULL, NULL, NULL);
- app_data2_idx = SSL_get_ex_new_index(0,
- "Second Application Data for SSL", NULL, NULL, NULL);
- }
- return(app_data2_idx);
+ int i;
+
+ if (SSL_app_data2_idx > -1) {
+ return;
+ }
+
+ /* we _do_ need to call this twice */
+ for (i=0; i<=1; i++) {
+ SSL_app_data2_idx =
+ SSL_get_ex_new_index(0,
+ "Second Application Data for SSL",
+ NULL, NULL, NULL);
+ }
 }
 void *SSL_get_app_data2(SSL *ssl)
 {
- return (void *)SSL_get_ex_data(ssl, SSL_get_app_data2_idx());
+ return (void *)SSL_get_ex_data(ssl, SSL_app_data2_idx);
 }
 void SSL_set_app_data2(SSL *ssl, void *arg)
 {
- SSL_set_ex_data(ssl, SSL_get_app_data2_idx(), (char *)arg);
+ SSL_set_ex_data(ssl, SSL_app_data2_idx, (char *)arg);
 return;
 }
diff --git a/modules/ssl/ssl_util_ssl.h b/modules/ssl/ssl_util_ssl.h
index 31acd897dc..ec6086a335 100644
--- a/modules/ssl/ssl_util_ssl.h
+++ b/modules/ssl/ssl_util_ssl.h
@@ -91,7 +91,7 @@
 /*
 * Additional Functions
 */
-int SSL_get_app_data2_idx(void);
+void SSL_init_app_data2_idx(void);
 void *SSL_get_app_data2(SSL *);
 void SSL_set_app_data2(SSL *, void *);
 X509 *SSL_read_X509(char *, X509 **, int (*)(char*,int,int,void*));
--
2.50.1
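Review bot: The result of `SSL_get_ex_new_index()` is never checked in `SSL_init_app_data2_idx()` (modules/ssl/ssl_util_ssl.c), and the function returns void, so a failed allocation leaves `SSL_app_data2_idx` at -1 with no signal to the caller. `SSL_get_app_data2()` and `SSL_set_app_data2()` then pass that -1 straight to `SSL_get_ex_data()`/`SSL_set_ex_data()` at request time, whereas the removed lazy path at least retried on each call. Consider `int SSL_init_app_data2_idx(void)` ending in `return SSL_app_data2_idx;`, with the matching prototype in ssl_util_ssl.h, so that ssl_init_Module can refuse to start on a negative value. The comment `/* we _do_ need to call this twice */` should also say why; presumably the first index handed out can be 0, the slot `SSL_set_app_data()` uses, but that needs confirming before it is written down.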