aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGravatar Nikos Mavrogiannopoulos 2010-08-17 19:04:34 +0200
committerGravatar Nikos Mavrogiannopoulos 2010-08-18 20:41:36 +0200
commit69771b6784e7172f9f1ece47f55ef6dc90d3d2c5 (patch)
tree9accfaccd8378f4ae811a47835e511ef8866abc4
parent1999f8ddb3edf05a77b08b8a9605487ee98501a0 (diff)
Safer usage of session variable to prevent segmentation faults on closure. Should solve issue #106.
-rw-r--r--src/gnutls_hooks.c50
-rw-r--r--src/gnutls_io.c27
2 files changed, 63 insertions, 14 deletions
diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c
index 3ce8188..7c638fb 100644
--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -486,7 +486,12 @@ void mgs_hook_child_init(apr_pool_t * p, server_rec * s)
486 486
487const char *mgs_hook_http_scheme(const request_rec * r) 487const char *mgs_hook_http_scheme(const request_rec * r)
488{ 488{
489 mgs_srvconf_rec *sc = 489 mgs_srvconf_rec *sc;
490
491 if (r == NULL)
492 return NULL;
493
494 sc =
490 (mgs_srvconf_rec *) ap_get_module_config(r->server->module_config, 495 (mgs_srvconf_rec *) ap_get_module_config(r->server->module_config,
491 &gnutls_module); 496 &gnutls_module);
492 497
@@ -500,7 +505,12 @@ const char *mgs_hook_http_scheme(const request_rec * r)
500 505
501apr_port_t mgs_hook_default_port(const request_rec * r) 506apr_port_t mgs_hook_default_port(const request_rec * r)
502{ 507{
503 mgs_srvconf_rec *sc = 508 mgs_srvconf_rec *sc;
509
510 if (r == NULL)
511 return 0;
512
513 sc =
504 (mgs_srvconf_rec *) ap_get_module_config(r->server->module_config, 514 (mgs_srvconf_rec *) ap_get_module_config(r->server->module_config,
505 &gnutls_module); 515 &gnutls_module);
506 516
@@ -579,6 +589,9 @@ mgs_srvconf_rec *mgs_find_sni_server(gnutls_session_t session)
579 mgs_srvconf_rec *tsc; 589 mgs_srvconf_rec *tsc;
580#endif 590#endif
581 591
592 if (session == NULL)
593 return NULL;
594
582 _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); 595 _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
583 ctxt = gnutls_transport_get_ptr(session); 596 ctxt = gnutls_transport_get_ptr(session);
584 597
@@ -693,12 +706,18 @@ static mgs_handle_t *create_gnutls_handle(apr_pool_t * pool, conn_rec * c)
693int mgs_hook_pre_connection(conn_rec * c, void *csd) 706int mgs_hook_pre_connection(conn_rec * c, void *csd)
694{ 707{
695 mgs_handle_t *ctxt; 708 mgs_handle_t *ctxt;
696 mgs_srvconf_rec *sc = 709 mgs_srvconf_rec *sc;
710
711 _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
712
713 if (c == NULL)
714 return DECLINED;
715
716 sc =
697 (mgs_srvconf_rec *) ap_get_module_config(c->base_server-> 717 (mgs_srvconf_rec *) ap_get_module_config(c->base_server->
698 module_config, 718 module_config,
699 &gnutls_module); 719 &gnutls_module);
700 720
701 _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
702 if (!(sc && (sc->enabled == GNUTLS_ENABLED_TRUE))) { 721 if (!(sc && (sc->enabled == GNUTLS_ENABLED_TRUE))) {
703 return DECLINED; 722 return DECLINED;
704 } 723 }
@@ -732,13 +751,16 @@ int mgs_hook_fixups(request_rec * r)
732 mgs_handle_t *ctxt; 751 mgs_handle_t *ctxt;
733 int rv = OK; 752 int rv = OK;
734 753
754 if (r == NULL)
755 return DECLINED;
756
735 _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); 757 _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
736 apr_table_t *env = r->subprocess_env; 758 apr_table_t *env = r->subprocess_env;
737 759
738 ctxt = 760 ctxt =
739 ap_get_module_config(r->connection->conn_config, &gnutls_module); 761 ap_get_module_config(r->connection->conn_config, &gnutls_module);
740 762
741 if (!ctxt) { 763 if (!ctxt || ctxt->session == NULL) {
742 return DECLINED; 764 return DECLINED;
743 } 765 }
744 766
@@ -804,14 +826,19 @@ int mgs_hook_authz(request_rec * r)
804{ 826{
805 int rv; 827 int rv;
806 mgs_handle_t *ctxt; 828 mgs_handle_t *ctxt;
807 mgs_dirconf_rec *dc = ap_get_module_config(r->per_dir_config, 829 mgs_dirconf_rec *dc;
830
831 if (r == NULL)
832 return DECLINED;
833
834 dc = ap_get_module_config(r->per_dir_config,
808 &gnutls_module); 835 &gnutls_module);
809 836
810 _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); 837 _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
811 ctxt = 838 ctxt =
812 ap_get_module_config(r->connection->conn_config, &gnutls_module); 839 ap_get_module_config(r->connection->conn_config, &gnutls_module);
813 840
814 if (!ctxt) { 841 if (!ctxt || ctxt->session == NULL) {
815 return DECLINED; 842 return DECLINED;
816 } 843 }
817 844
@@ -875,6 +902,9 @@ mgs_add_common_cert_vars(request_rec * r, gnutls_x509_crt_t cert, int side,
875 size_t len; 902 size_t len;
876 int ret, i; 903 int ret, i;
877 904
905 if (r == NULL)
906 return;
907
878 apr_table_t *env = r->subprocess_env; 908 apr_table_t *env = r->subprocess_env;
879 909
880 _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); 910 _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
@@ -983,6 +1013,9 @@ mgs_add_common_pgpcert_vars(request_rec * r, gnutls_openpgp_crt_t cert, int side
983 const char *tmp; 1013 const char *tmp;
984 size_t len; 1014 size_t len;
985 int ret; 1015 int ret;
1016
1017 if (r == NULL)
1018 return;
986 1019
987 _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); 1020 _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
988 apr_table_t *env = r->subprocess_env; 1021 apr_table_t *env = r->subprocess_env;
@@ -1052,6 +1085,9 @@ static int mgs_cert_verify(request_rec * r, mgs_handle_t * ctxt)
1052 } cert; 1085 } cert;
1053 apr_time_t expiration_time, cur_time; 1086 apr_time_t expiration_time, cur_time;
1054 1087
1088 if (r == NULL || ctxt == NULL || ctxt->session == NULL)
1089 return HTTP_FORBIDDEN;
1090
1055 _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); 1091 _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
1056 cert_list = 1092 cert_list =
1057 gnutls_certificate_get_peers(ctxt->session, &cert_list_size); 1093 gnutls_certificate_get_peers(ctxt->session, &cert_list_size);
diff --git a/src/gnutls_io.c b/src/gnutls_io.c
index 8187da6..ba03fce 100644
--- a/src/gnutls_io.c
+++ b/src/gnutls_io.c
@@ -221,6 +221,10 @@ static apr_status_t gnutls_io_input_read(mgs_handle_t * ctxt,
221 ctxt->input_block = APR_NONBLOCK_READ; 221 ctxt->input_block = APR_NONBLOCK_READ;
222 } 222 }
223 } 223 }
224
225 if (ctxt->session == NULL) {
226 return APR_EGENERAL;
227 }
224 228
225 while (1) { 229 while (1) {
226 230
@@ -360,7 +364,7 @@ static int gnutls_do_handshake(mgs_handle_t * ctxt)
360 int errcode; 364 int errcode;
361 int maxtries = HANDSHAKE_MAX_TRIES; 365 int maxtries = HANDSHAKE_MAX_TRIES;
362 366
363 if (ctxt->status != 0) { 367 if (ctxt->status != 0 || ctxt->session == NULL) {
364 return -1; 368 return -1;
365 } 369 }
366 370
@@ -441,6 +445,9 @@ tryagain:
441int mgs_rehandshake(mgs_handle_t * ctxt) 445int mgs_rehandshake(mgs_handle_t * ctxt)
442{ 446{
443 int rv; 447 int rv;
448
449 if (ctxt->session == NULL)
450 return -1;
444 451
445 rv = gnutls_rehandshake(ctxt->session); 452 rv = gnutls_rehandshake(ctxt->session);
446 453
@@ -565,7 +572,7 @@ apr_status_t mgs_filter_output(ap_filter_t * f,
565 572
566 apr_bucket_copy(bucket, &e); 573 apr_bucket_copy(bucket, &e);
567 APR_BRIGADE_INSERT_TAIL(ctxt->output_bb, e); 574 APR_BRIGADE_INSERT_TAIL(ctxt->output_bb, e);
568 575
569 if ((status = ap_pass_brigade(f->next, tmpb)) != APR_SUCCESS) { 576 if ((status = ap_pass_brigade(f->next, tmpb)) != APR_SUCCESS) {
570 apr_brigade_cleanup(ctxt->output_bb); 577 apr_brigade_cleanup(ctxt->output_bb);
571 return status; 578 return status;
@@ -609,10 +616,14 @@ apr_status_t mgs_filter_output(ap_filter_t * f,
609 616
610 if (len > 0) { 617 if (len > 0) {
611 618
612 do { 619 if (ctxt->session == NULL) {
613 ret = gnutls_record_send(ctxt->session, data, len); 620 ret = GNUTLS_E_INVALID_REQUEST;
621 } else {
622 do {
623 ret = gnutls_record_send(ctxt->session, data, len);
624 }
625 while(ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN);
614 } 626 }
615 while(ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN);
616 627
617 if (ret < 0) { 628 if (ret < 0) {
618 /* error sending output */ 629 /* error sending output */
@@ -674,7 +685,8 @@ ssize_t mgs_transport_read(gnutls_transport_ptr_t ptr,
674 if (APR_STATUS_IS_EOF(ctxt->input_rc)) { 685 if (APR_STATUS_IS_EOF(ctxt->input_rc)) {
675 return 0; 686 return 0;
676 } else { 687 } else {
677 gnutls_transport_set_errno(ctxt->session, EINTR); 688 if (ctxt->session)
689 gnutls_transport_set_errno(ctxt->session, EINTR);
678 return -1; 690 return -1;
679 } 691 }
680 } 692 }
@@ -697,7 +709,8 @@ ssize_t mgs_transport_read(gnutls_transport_ptr_t ptr,
697 if (APR_STATUS_IS_EAGAIN(ctxt->input_rc) 709 if (APR_STATUS_IS_EAGAIN(ctxt->input_rc)
698 || APR_STATUS_IS_EINTR(ctxt->input_rc)) { 710 || APR_STATUS_IS_EINTR(ctxt->input_rc)) {
699 if (len == 0) { 711 if (len == 0) {
700 gnutls_transport_set_errno(ctxt->session, EINTR); 712 if (ctxt->session)
713 gnutls_transport_set_errno(ctxt->session, EINTR);
701 return -1; 714 return -1;
702 } 715 }
703 716