[packages/apache.git] / bug-65627.patch

commit 59b7c104ce06c90be20ff50435d912a444341245
Author: Yann Ylavic <ylavic@apache.org>
Date:   Tue Oct 12 16:48:18 2021 +0000

    *) core: Be safe with ap_lingering_close() called with a socket NULL-ed.
    
    PR 65627.
    
    mod_itk seems to:
      ap_set_core_module_config(c->conn_config, NULL)
    before calling ap_lingering_close(), causing a crash after r1891721.
    Until we have an API to no-op ap_lingering_close(), let's be safe.
    
    * server/connection.c(ap_start_lingering_close):
      The socket should not be NULL here, add an assertion.
    
    * server/connection.c(ap_lingering_close):
      Set c->aborted if the socket is NULL, and give up.
    
    Submitted by: acmondor <bz.apache.org acmondor.ca>, ylavic
    
    
    
    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1894171 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/changes-entries/ap_lingering_close-NULL.txt b/changes-entries/ap_lingering_close-NULL.txt
new file mode 100644
index 0000000000..43cc6930b5
--- /dev/null
+++ b/changes-entries/ap_lingering_close-NULL.txt
@@ -0,0 +1,3 @@
+  *) core: Be safe with ap_lingering_close() called with a socket NULL-ed by
+     a third-party module.  PR 65627.
+     [acmondor <bz.apache.org acmondor.ca>, Yann Ylavic]
diff --git a/server/connection.c b/server/connection.c
index f89ac553c6..a7a51cf741 100644
--- a/server/connection.c
+++ b/server/connection.c
@@ -145,9 +145,7 @@ AP_DECLARE(int) ap_start_lingering_close(conn_rec *c)
 {
     apr_socket_t *csd = ap_get_conn_socket(c);
 
-    if (!csd) {
-        return 1;
-    }
+    ap_assert(csd != NULL);
 
     if (ap_prep_lingering_close(c)) {
         return 1;
@@ -178,6 +176,15 @@ AP_DECLARE(void) ap_lingering_close(conn_rec *c)
     apr_time_t now, timeup = 0;
     apr_socket_t *csd = ap_get_conn_socket(c);
 
+    if (!csd) {
+        /* Be safe with third-party modules that:
+         *   ap_set_core_module_config(c->conn_config, NULL)
+         * to no-op ap_lingering_close().
+         */
+        c->aborted = 1;
+        return;
+    }
+
     if (ap_start_lingering_close(c)) {
         apr_socket_close(csd);
         return;
Commit	Line	Data
4d3d9679 AM	1	commit 59b7c104ce06c90be20ff50435d912a444341245
	2	Author: Yann Ylavic <ylavic@apache.org>
	3	Date: Tue Oct 12 16:48:18 2021 +0000
	4
	5	*) core: Be safe with ap_lingering_close() called with a socket NULL-ed.
	6
	7	PR 65627.
	8
	9	mod_itk seems to:
	10	ap_set_core_module_config(c->conn_config, NULL)
	11	before calling ap_lingering_close(), causing a crash after r1891721.
	12	Until we have an API to no-op ap_lingering_close(), let's be safe.
	13
	14	* server/connection.c(ap_start_lingering_close):
	15	The socket should not be NULL here, add an assertion.
	16
	17	* server/connection.c(ap_lingering_close):
	18	Set c->aborted if the socket is NULL, and give up.
	19
	20	Submitted by: acmondor <bz.apache.org acmondor.ca>, ylavic
	21
	22
	23
	24	git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1894171 13f79535-47bb-0310-9956-ffa450edef68
	25
	26	diff --git a/changes-entries/ap_lingering_close-NULL.txt b/changes-entries/ap_lingering_close-NULL.txt
	27	new file mode 100644
	28	index 0000000000..43cc6930b5
	29	--- /dev/null
	30	+++ b/changes-entries/ap_lingering_close-NULL.txt
	31	@@ -0,0 +1,3 @@
	32	+ *) core: Be safe with ap_lingering_close() called with a socket NULL-ed by
	33	+ a third-party module. PR 65627.
	34	+ [acmondor <bz.apache.org acmondor.ca>, Yann Ylavic]
	35	diff --git a/server/connection.c b/server/connection.c
	36	index f89ac553c6..a7a51cf741 100644
	37	--- a/server/connection.c
	38	+++ b/server/connection.c
	39	@@ -145,9 +145,7 @@ AP_DECLARE(int) ap_start_lingering_close(conn_rec *c)
	40	{
	41	apr_socket_t *csd = ap_get_conn_socket(c);
	42
	43	- if (!csd) {
	44	- return 1;
	45	- }
	46	+ ap_assert(csd != NULL);
	47
	48	if (ap_prep_lingering_close(c)) {
	49	return 1;
	50	@@ -178,6 +176,15 @@ AP_DECLARE(void) ap_lingering_close(conn_rec *c)
	51	apr_time_t now, timeup = 0;
	52	apr_socket_t *csd = ap_get_conn_socket(c);
	53
	54	+ if (!csd) {
	55	+ /* Be safe with third-party modules that:
	56	+ * ap_set_core_module_config(c->conn_config, NULL)
	57	+ * to no-op ap_lingering_close().
	58	+ */
	59	+ c->aborted = 1;
	60	+ return;
	61	+ }
	62	+
	63	if (ap_start_lingering_close(c)) {
	64	apr_socket_close(csd);
65	return;