]>
Commit | Line | Data |
---|---|---|
4d3d9679 AM |
1 | commit 59b7c104ce06c90be20ff50435d912a444341245 |
2 | Author: Yann Ylavic <ylavic@apache.org> | |
3 | Date: Tue Oct 12 16:48:18 2021 +0000 | |
4 | ||
5 | *) core: Be safe with ap_lingering_close() called with a socket NULL-ed. | |
6 | ||
7 | PR 65627. | |
8 | ||
9 | mod_itk seems to: | |
10 | ap_set_core_module_config(c->conn_config, NULL) | |
11 | before calling ap_lingering_close(), causing a crash after r1891721. | |
12 | Until we have an API to no-op ap_lingering_close(), let's be safe. | |
13 | ||
14 | * server/connection.c(ap_start_lingering_close): | |
15 | The socket should not be NULL here, add an assertion. | |
16 | ||
17 | * server/connection.c(ap_lingering_close): | |
18 | Set c->aborted if the socket is NULL, and give up. | |
19 | ||
20 | Submitted by: acmondor <bz.apache.org acmondor.ca>, ylavic | |
21 | ||
22 | ||
23 | ||
24 | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1894171 13f79535-47bb-0310-9956-ffa450edef68 | |
25 | ||
26 | diff --git a/changes-entries/ap_lingering_close-NULL.txt b/changes-entries/ap_lingering_close-NULL.txt | |
27 | new file mode 100644 | |
28 | index 0000000000..43cc6930b5 | |
29 | --- /dev/null | |
30 | +++ b/changes-entries/ap_lingering_close-NULL.txt | |
31 | @@ -0,0 +1,3 @@ | |
32 | + *) core: Be safe with ap_lingering_close() called with a socket NULL-ed by | |
33 | + a third-party module. PR 65627. | |
34 | + [acmondor <bz.apache.org acmondor.ca>, Yann Ylavic] | |
35 | diff --git a/server/connection.c b/server/connection.c | |
36 | index f89ac553c6..a7a51cf741 100644 | |
37 | --- a/server/connection.c | |
38 | +++ b/server/connection.c | |
39 | @@ -145,9 +145,7 @@ AP_DECLARE(int) ap_start_lingering_close(conn_rec *c) | |
40 | { | |
41 | apr_socket_t *csd = ap_get_conn_socket(c); | |
42 | ||
43 | - if (!csd) { | |
44 | - return 1; | |
45 | - } | |
46 | + ap_assert(csd != NULL); | |
47 | ||
48 | if (ap_prep_lingering_close(c)) { | |
49 | return 1; | |
50 | @@ -178,6 +176,15 @@ AP_DECLARE(void) ap_lingering_close(conn_rec *c) | |
51 | apr_time_t now, timeup = 0; | |
52 | apr_socket_t *csd = ap_get_conn_socket(c); | |
53 | ||
54 | + if (!csd) { | |
55 | + /* Be safe with third-party modules that: | |
56 | + * ap_set_core_module_config(c->conn_config, NULL) | |
57 | + * to no-op ap_lingering_close(). | |
58 | + */ | |
59 | + c->aborted = 1; | |
60 | + return; | |
61 | + } | |
62 | + | |
63 | if (ap_start_lingering_close(c)) { | |
64 | apr_socket_close(csd); | |
65 | return; |