[packages/apache.git] / httpd-2.0.48-sslvars.patch


Fixes for SSL variable handling from 2.0.49/HEAD.

--- httpd-2.0.48/modules/ssl/ssl_engine_vars.c.sslvars
+++ httpd-2.0.48/modules/ssl/ssl_engine_vars.c
@@ -87,9 +87,9 @@
     return;
 }
 
+/* This function must remain safe to use for a non-SSL connection. */
 char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, char *var)
 {
-    SSLConnRec *sslconn;
     SSLModConfigRec *mc = myModConfig(s);
     char *result;
     BOOL resdup;
@@ -169,17 +169,18 @@
      * Connection stuff
      */
     if (result == NULL && c != NULL) {
-        sslconn = myConnConfig(c);
+        SSLConnRec *sslconn = myConnConfig(c);
         if (strcEQ(var, "REMOTE_ADDR"))
             result = c->remote_ip;
         else if (strcEQ(var, "REMOTE_USER"))
             result = r->user;
         else if (strcEQ(var, "AUTH_TYPE"))
             result = r->ap_auth_type;
-        else if (strlen(var) > 4 && strcEQn(var, "SSL_", 4))
+        else if (strlen(var) > 4 && strcEQn(var, "SSL_", 4) 
+                 && sslconn && sslconn->ssl)
             result = ssl_var_lookup_ssl(p, c, var+4);
         else if (strcEQ(var, "HTTPS")) {
-            if (sslconn->ssl != NULL)
+            if (sslconn && sslconn->ssl)
                 result = "on";
             else
                 result = "off";
@@ -280,10 +281,12 @@
     else if (ssl != NULL && strcEQ(var, "SESSION_ID")) {
         char buf[SSL_SESSION_ID_STRING_LEN];
         SSL_SESSION *pSession = SSL_get_session(ssl);
-        result = apr_pstrdup(p, SSL_SESSION_id2sz(
-                                SSL_SESSION_get_session_id(pSession),
-                                SSL_SESSION_get_session_id_length(pSession),
-                                buf, sizeof(buf)));
+        if (pSession) {
+            result = apr_pstrdup(p, SSL_SESSION_id2sz(
+                                     SSL_SESSION_get_session_id(pSession),
+                                     SSL_SESSION_get_session_id_length(pSession),
+                                     buf, sizeof(buf)));
+        }
     }
     else if (ssl != NULL && strlen(var) >= 6 && strcEQn(var, "CIPHER", 6)) {
         result = ssl_var_lookup_ssl_cipher(p, c, var+6);
@@ -608,7 +611,7 @@
         result = apr_psprintf(p, "mod_ssl/%s", MOD_SSL_VERSION);
     }
     else if (strEQ(var, "LIBRARY")) {
-        result = apr_pstrdup(p, SSL_LIBRARY_TEXT);
+        result = apr_pstrdup(p, SSLeay_version(SSLEAY_VERSION));
         if ((cp = strchr(result, ' ')) != NULL) {
             *cp = '/';
             if ((cp2 = strchr(cp, ' ')) != NULL)
@@ -655,7 +658,7 @@
     SSLConnRec *sslconn = myConnConfig(r->connection);
     char *result;
 
-    if (sslconn->ssl == NULL)
+    if (sslconn == NULL || sslconn->ssl == NULL)
         return NULL;
     result = NULL;
     if (strEQ(a, "version"))
@@ -681,12 +684,9 @@
  */
 static const char *ssl_var_log_handler_x(request_rec *r, char *a)
 {
-    SSLConnRec *sslconn = myConnConfig(r->connection);
     char *result;
 
-    result = NULL;
-    if (sslconn && sslconn->ssl)
-        result = ssl_var_lookup(r->pool, r->server, r->connection, r, a);
+    result = ssl_var_lookup(r->pool, r->server, r->connection, r, a);
     if (result != NULL && result[0] == NUL)
         result = NULL;
     return result;
Commit	Line	Data
0e467b1f AM	1
	2	Fixes for SSL variable handling from 2.0.49/HEAD.
	3
	4	--- httpd-2.0.48/modules/ssl/ssl_engine_vars.c.sslvars
	5	+++ httpd-2.0.48/modules/ssl/ssl_engine_vars.c
	6	@@ -87,9 +87,9 @@
	7	return;
	8	}
	9
	10	+/* This function must remain safe to use for a non-SSL connection. */
	11	char ssl_var_lookup(apr_pool_t p, server_rec s, conn_rec c, request_rec r, char var)
	12	{
	13	- SSLConnRec *sslconn;
	14	SSLModConfigRec *mc = myModConfig(s);
	15	char *result;
	16	BOOL resdup;
	17	@@ -169,17 +169,18 @@
	18	* Connection stuff
	19	*/
	20	if (result == NULL && c != NULL) {
	21	- sslconn = myConnConfig(c);
	22	+ SSLConnRec *sslconn = myConnConfig(c);
	23	if (strcEQ(var, "REMOTE_ADDR"))
	24	result = c->remote_ip;
	25	else if (strcEQ(var, "REMOTE_USER"))
	26	result = r->user;
	27	else if (strcEQ(var, "AUTH_TYPE"))
	28	result = r->ap_auth_type;
	29	- else if (strlen(var) > 4 && strcEQn(var, "SSL_", 4))
	30	+ else if (strlen(var) > 4 && strcEQn(var, "SSL_", 4)
	31	+ && sslconn && sslconn->ssl)
	32	result = ssl_var_lookup_ssl(p, c, var+4);
	33	else if (strcEQ(var, "HTTPS")) {
	34	- if (sslconn->ssl != NULL)
	35	+ if (sslconn && sslconn->ssl)
	36	result = "on";
	37	else
	38	result = "off";
	39	@@ -280,10 +281,12 @@
	40	else if (ssl != NULL && strcEQ(var, "SESSION_ID")) {
	41	char buf[SSL_SESSION_ID_STRING_LEN];
	42	SSL_SESSION *pSession = SSL_get_session(ssl);
	43	- result = apr_pstrdup(p, SSL_SESSION_id2sz(
	44	- SSL_SESSION_get_session_id(pSession),
	45	- SSL_SESSION_get_session_id_length(pSession),
	46	- buf, sizeof(buf)));
	47	+ if (pSession) {
	48	+ result = apr_pstrdup(p, SSL_SESSION_id2sz(
	49	+ SSL_SESSION_get_session_id(pSession),
	50	+ SSL_SESSION_get_session_id_length(pSession),
	51	+ buf, sizeof(buf)));
	52	+ }
	53	}
	54	else if (ssl != NULL && strlen(var) >= 6 && strcEQn(var, "CIPHER", 6)) {
	55	result = ssl_var_lookup_ssl_cipher(p, c, var+6);
	56	@@ -608,7 +611,7 @@
	57	result = apr_psprintf(p, "mod_ssl/%s", MOD_SSL_VERSION);
	58	}
	59	else if (strEQ(var, "LIBRARY")) {
	60	- result = apr_pstrdup(p, SSL_LIBRARY_TEXT);
	61	+ result = apr_pstrdup(p, SSLeay_version(SSLEAY_VERSION));
	62	if ((cp = strchr(result, ' ')) != NULL) {
	63	*cp = '/';
	64	if ((cp2 = strchr(cp, ' ')) != NULL)
65	@@ -655,7 +658,7 @@
66	SSLConnRec *sslconn = myConnConfig(r->connection);
67	char *result;
68
69	- if (sslconn->ssl == NULL)
70	+ if (sslconn == NULL \|\| sslconn->ssl == NULL)
71	return NULL;
72	result = NULL;
73	if (strEQ(a, "version"))
74	@@ -681,12 +684,9 @@
75	*/
76	static const char ssl_var_log_handler_x(request_rec r, char *a)
77	{
78	- SSLConnRec *sslconn = myConnConfig(r->connection);
79	char *result;
80
81	- result = NULL;
82	- if (sslconn && sslconn->ssl)
83	- result = ssl_var_lookup(r->pool, r->server, r->connection, r, a);
84	+ result = ssl_var_lookup(r->pool, r->server, r->connection, r, a);
85	if (result != NULL && result[0] == NUL)
86	result = NULL;
87	return result;