-rw-r--r-- | src/gnutls_hooks.c | 50 | ||||
-rw-r--r-- | src/gnutls_io.c | 27 |
2 files changed, 63 insertions, 14 deletions
diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c index 3ce8188..7c638fb 100644 --- a/src/gnutls_hooks.c +++ b/src/gnutls_hooks.c | |||
@@ -486,7 +486,12 @@ void mgs_hook_child_init(apr_pool_t * p, server_rec * s) | |||
486 | 486 | ||
487 | const char *mgs_hook_http_scheme(const request_rec * r) | 487 | const char *mgs_hook_http_scheme(const request_rec * r) |
488 | { | 488 | { |
489 | mgs_srvconf_rec *sc = | 489 | mgs_srvconf_rec *sc; |
490 | |||
491 | if (r == NULL) | ||
492 | return NULL; | ||
493 | |||
494 | sc = | ||
490 | (mgs_srvconf_rec *) ap_get_module_config(r->server->module_config, | 495 | (mgs_srvconf_rec *) ap_get_module_config(r->server->module_config, |
491 | &gnutls_module); | 496 | &gnutls_module); |
492 | 497 | ||
@@ -500,7 +505,12 @@ const char *mgs_hook_http_scheme(const request_rec * r) | |||
500 | 505 | ||
501 | apr_port_t mgs_hook_default_port(const request_rec * r) | 506 | apr_port_t mgs_hook_default_port(const request_rec * r) |
502 | { | 507 | { |
503 | mgs_srvconf_rec *sc = | 508 | mgs_srvconf_rec *sc; |
509 | |||
510 | if (r == NULL) | ||
511 | return 0; | ||
512 | |||
513 | sc = | ||
504 | (mgs_srvconf_rec *) ap_get_module_config(r->server->module_config, | 514 | (mgs_srvconf_rec *) ap_get_module_config(r->server->module_config, |
505 | &gnutls_module); | 515 | &gnutls_module); |
506 | 516 | ||
@@ -579,6 +589,9 @@ mgs_srvconf_rec *mgs_find_sni_server(gnutls_session_t session) | |||
579 | mgs_srvconf_rec *tsc; | 589 | mgs_srvconf_rec *tsc; |
580 | #endif | 590 | #endif |
581 | 591 | ||
592 | if (session == NULL) | ||
593 | return NULL; | ||
594 | |||
582 | _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); | 595 | _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); |
583 | ctxt = gnutls_transport_get_ptr(session); | 596 | ctxt = gnutls_transport_get_ptr(session); |
584 | 597 | ||
@@ -693,12 +706,18 @@ static mgs_handle_t *create_gnutls_handle(apr_pool_t * pool, conn_rec * c) | |||
693 | int mgs_hook_pre_connection(conn_rec * c, void *csd) | 706 | int mgs_hook_pre_connection(conn_rec * c, void *csd) |
694 | { | 707 | { |
695 | mgs_handle_t *ctxt; | 708 | mgs_handle_t *ctxt; |
696 | mgs_srvconf_rec *sc = | 709 | mgs_srvconf_rec *sc; |
710 | |||
711 | _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); | ||
712 | |||
713 | if (c == NULL) | ||
714 | return DECLINED; | ||
715 | |||
716 | sc = | ||
697 | (mgs_srvconf_rec *) ap_get_module_config(c->base_server-> | 717 | (mgs_srvconf_rec *) ap_get_module_config(c->base_server-> |
698 | module_config, | 718 | module_config, |
699 | &gnutls_module); | 719 | &gnutls_module); |
700 | 720 | ||
701 | _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); | ||
702 | if (!(sc && (sc->enabled == GNUTLS_ENABLED_TRUE))) { | 721 | if (!(sc && (sc->enabled == GNUTLS_ENABLED_TRUE))) { |
703 | return DECLINED; | 722 | return DECLINED; |
704 | } | 723 | } |
@@ -732,13 +751,16 @@ int mgs_hook_fixups(request_rec * r) | |||
732 | mgs_handle_t *ctxt; | 751 | mgs_handle_t *ctxt; |
733 | int rv = OK; | 752 | int rv = OK; |
734 | 753 | ||
754 | if (r == NULL) | ||
755 | return DECLINED; | ||
756 | |||
735 | _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); | 757 | _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); |
736 | apr_table_t *env = r->subprocess_env; | 758 | apr_table_t *env = r->subprocess_env; |
737 | 759 | ||
738 | ctxt = | 760 | ctxt = |
739 | ap_get_module_config(r->connection->conn_config, &gnutls_module); | 761 | ap_get_module_config(r->connection->conn_config, &gnutls_module); |
740 | 762 | ||
741 | if (!ctxt) { | 763 | if (!ctxt || ctxt->session == NULL) { |
742 | return DECLINED; | 764 | return DECLINED; |
743 | } | 765 | } |
744 | 766 | ||
@@ -804,14 +826,19 @@ int mgs_hook_authz(request_rec * r) | |||
804 | { | 826 | { |
805 | int rv; | 827 | int rv; |
806 | mgs_handle_t *ctxt; | 828 | mgs_handle_t *ctxt; |
807 | mgs_dirconf_rec *dc = ap_get_module_config(r->per_dir_config, | 829 | mgs_dirconf_rec *dc; |
830 | |||
831 | if (r == NULL) | ||
832 | return DECLINED; | ||
833 | |||
834 | dc = ap_get_module_config(r->per_dir_config, | ||
808 | &gnutls_module); | 835 | &gnutls_module); |
809 | 836 | ||
810 | _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); | 837 | _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); |
811 | ctxt = | 838 | ctxt = |
812 | ap_get_module_config(r->connection->conn_config, &gnutls_module); | 839 | ap_get_module_config(r->connection->conn_config, &gnutls_module); |
813 | 840 | ||
814 | if (!ctxt) { | 841 | if (!ctxt || ctxt->session == NULL) { |
815 | return DECLINED; | 842 | return DECLINED; |
816 | } | 843 | } |
817 | 844 | ||
@@ -875,6 +902,9 @@ mgs_add_common_cert_vars(request_rec * r, gnutls_x509_crt_t cert, int side, | |||
875 | size_t len; | 902 | size_t len; |
876 | int ret, i; | 903 | int ret, i; |
877 | 904 | ||
905 | if (r == NULL) | ||
906 | return; | ||
907 | |||
878 | apr_table_t *env = r->subprocess_env; | 908 | apr_table_t *env = r->subprocess_env; |
879 | 909 | ||
880 | _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); | 910 | _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); |
@@ -983,6 +1013,9 @@ mgs_add_common_pgpcert_vars(request_rec * r, gnutls_openpgp_crt_t cert, int side | |||
983 | const char *tmp; | 1013 | const char *tmp; |
984 | size_t len; | 1014 | size_t len; |
985 | int ret; | 1015 | int ret; |
1016 | |||
1017 | if (r == NULL) | ||
1018 | return; | ||
986 | 1019 | ||
987 | _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); | 1020 | _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); |
988 | apr_table_t *env = r->subprocess_env; | 1021 | apr_table_t *env = r->subprocess_env; |
@@ -1052,6 +1085,9 @@ static int mgs_cert_verify(request_rec * r, mgs_handle_t * ctxt) | |||
1052 | } cert; | 1085 | } cert; |
1053 | apr_time_t expiration_time, cur_time; | 1086 | apr_time_t expiration_time, cur_time; |
1054 | 1087 | ||
1088 | if (r == NULL || ctxt == NULL || ctxt->session == NULL) | ||
1089 | return HTTP_FORBIDDEN; | ||
1090 | |||
1055 | _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); | 1091 | _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); |
1056 | cert_list = | 1092 | cert_list = |
1057 | gnutls_certificate_get_peers(ctxt->session, &cert_list_size); | 1093 | gnutls_certificate_get_peers(ctxt->session, &cert_list_size); |
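Review bot: In the `mgs_hook_authz` hunk the widened test `if (!ctxt || ctxt->session == NULL)` returns DECLINED, which leaves the access decision to whatever other handlers are configured, so a connection that has a module context but no TLS session would skip this module's client-certificate check instead of being refused. The same commit makes `mgs_cert_verify` fail closed with HTTP_FORBIDDEN for the same condition, so the two paths disagree. Unless a NULL session with a non-NULL context is known to be a legitimate non-TLS case, I would keep `if (!ctxt) return DECLINED;` and add `if (ctxt->session == NULL) return HTTP_FORBIDDEN;`, ideally with a log line so the condition is visible to operators. The rest of `mgs_hook_authz`, including how `dc` is used, lies outside the hunk, so whether verification is actually required at that point needs confirming.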
diff --git a/src/gnutls_io.c b/src/gnutls_io.c index 8187da6..ba03fce 100644 --- a/src/gnutls_io.c +++ b/src/gnutls_io.c | |||
@@ -221,6 +221,10 @@ static apr_status_t gnutls_io_input_read(mgs_handle_t * ctxt, | |||
221 | ctxt->input_block = APR_NONBLOCK_READ; | 221 | ctxt->input_block = APR_NONBLOCK_READ; |
222 | } | 222 | } |
223 | } | 223 | } |
224 | |||
225 | if (ctxt->session == NULL) { | ||
226 | return APR_EGENERAL; | ||
227 | } | ||
224 | 228 | ||
225 | while (1) { | 229 | while (1) { |
226 | 230 | ||
@@ -360,7 +364,7 @@ static int gnutls_do_handshake(mgs_handle_t * ctxt) | |||
360 | int errcode; | 364 | int errcode; |
361 | int maxtries = HANDSHAKE_MAX_TRIES; | 365 | int maxtries = HANDSHAKE_MAX_TRIES; |
362 | 366 | ||
363 | if (ctxt->status != 0) { | 367 | if (ctxt->status != 0 || ctxt->session == NULL) { |
364 | return -1; | 368 | return -1; |
365 | } | 369 | } |
366 | 370 | ||
@@ -441,6 +445,9 @@ tryagain: | |||
441 | int mgs_rehandshake(mgs_handle_t * ctxt) | 445 | int mgs_rehandshake(mgs_handle_t * ctxt) |
442 | { | 446 | { |
443 | int rv; | 447 | int rv; |
448 | |||
449 | if (ctxt->session == NULL) | ||
450 | return -1; | ||
444 | 451 | ||
445 | rv = gnutls_rehandshake(ctxt->session); | 452 | rv = gnutls_rehandshake(ctxt->session); |
446 | 453 | ||
@@ -565,7 +572,7 @@ apr_status_t mgs_filter_output(ap_filter_t * f, | |||
565 | 572 | ||
566 | apr_bucket_copy(bucket, &e); | 573 | apr_bucket_copy(bucket, &e); |
567 | APR_BRIGADE_INSERT_TAIL(ctxt->output_bb, e); | 574 | APR_BRIGADE_INSERT_TAIL(ctxt->output_bb, e); |
568 | 575 | ||
569 | if ((status = ap_pass_brigade(f->next, tmpb)) != APR_SUCCESS) { | 576 | if ((status = ap_pass_brigade(f->next, tmpb)) != APR_SUCCESS) { |
570 | apr_brigade_cleanup(ctxt->output_bb); | 577 | apr_brigade_cleanup(ctxt->output_bb); |
571 | return status; | 578 | return status; |
@@ -609,10 +616,14 @@ apr_status_t mgs_filter_output(ap_filter_t * f, | |||
609 | 616 | ||
610 | if (len > 0) { | 617 | if (len > 0) { |
611 | 618 | ||
612 | do { | 619 | if (ctxt->session == NULL) { |
613 | ret = gnutls_record_send(ctxt->session, data, len); | 620 | ret = GNUTLS_E_INVALID_REQUEST; |
621 | } else { | ||
622 | do { | ||
623 | ret = gnutls_record_send(ctxt->session, data, len); | ||
624 | } | ||
625 | while(ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN); | ||
614 | } | 626 | } |
615 | while(ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN); | ||
616 | 627 | ||
617 | if (ret < 0) { | 628 | if (ret < 0) { |
618 | /* error sending output */ | 629 | /* error sending output */ |
@@ -674,7 +685,8 @@ ssize_t mgs_transport_read(gnutls_transport_ptr_t ptr, | |||
674 | if (APR_STATUS_IS_EOF(ctxt->input_rc)) { | 685 | if (APR_STATUS_IS_EOF(ctxt->input_rc)) { |
675 | return 0; | 686 | return 0; |
676 | } else { | 687 | } else { |
677 | gnutls_transport_set_errno(ctxt->session, EINTR); | 688 | if (ctxt->session) |
689 | gnutls_transport_set_errno(ctxt->session, EINTR); | ||
678 | return -1; | 690 | return -1; |
679 | } | 691 | } |
680 | } | 692 | } |
@@ -697,7 +709,8 @@ ssize_t mgs_transport_read(gnutls_transport_ptr_t ptr, | |||
697 | if (APR_STATUS_IS_EAGAIN(ctxt->input_rc) | 709 | if (APR_STATUS_IS_EAGAIN(ctxt->input_rc) |
698 | || APR_STATUS_IS_EINTR(ctxt->input_rc)) { | 710 | || APR_STATUS_IS_EINTR(ctxt->input_rc)) { |
699 | if (len == 0) { | 711 | if (len == 0) { |
700 | gnutls_transport_set_errno(ctxt->session, EINTR); | 712 | if (ctxt->session) |
713 | gnutls_transport_set_errno(ctxt->session, EINTR); | ||
701 | return -1; | 714 | return -1; |
702 | } | 715 | } |
703 | 716 | ||
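Review bot: `mgs_rehandshake` and `gnutls_do_handshake` now test `ctxt->session == NULL` but still dereference `ctxt` unchecked, whereas the hooks changed in this commit guard the outer pointer first; for the non-static `mgs_rehandshake` I would write `if (ctxt == NULL || ctxt->session == NULL) return -1;`. In `mgs_filter_output` the new branch sets `ret = GNUTLS_E_INVALID_REQUEST` and relies on the existing `if (ret < 0)` path, most of which is outside the hunk, so it is worth confirming that path does not itself use `ctxt->session`. None of the new early returns in this file log anything, so a missing session surfaces only as a generic I/O error; a short comment such as `/* no TLS session on this context: refuse I/O */` on each guard would document the intent.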