author | Marc Balmer <mbalmer@cvs.openbsd.org> | 2008-07-04 14:39:38 +0000 |
---|---|---|
committer | Marc Balmer <mbalmer@cvs.openbsd.org> | 2008-07-04 14:39:38 +0000 |
commit | 6c906cdd80a18152935a0a895684647dad1ee50e (patch) | |
tree | d81856181b11b2987df1b4ebe00b37fbb2c9766c | |
parent | 93e3bf7f5c40e4ef8becf155ca93aceeb5074ce0 (diff) |
Make the proxy module work with https again by allowing the destination
port to be set in the config file instead of using HTTP_DEFAULT_PORT
in all cases. Prevent a segfault that would happen when the SSL
connection from the proxy fails.
Problem found and analyzed by Mischa Diehm; fix by me.
-rw-r--r-- | usr.sbin/httpd/src/modules/proxy/proxy_http.c | 9 | ||||
-rw-r--r-- | usr.sbin/httpd/src/modules/ssl/ssl_engine_ext.c | 8 |
2 files changed, 12 insertions, 5 deletions
diff --git a/usr.sbin/httpd/src/modules/proxy/proxy_http.c b/usr.sbin/httpd/src/modules/proxy/proxy_http.c index 6f0b96b5fe5..00868a8df81 100644 --- a/usr.sbin/httpd/src/modules/proxy/proxy_http.c +++ b/usr.sbin/httpd/src/modules/proxy/proxy_http.c @@ -168,7 +168,7 @@ int ap_proxy_http_handler(request_rec *r, cache_req *c, char *url, int error; int result, major, minor; const char *content_length; - char *peer; + const char *peer; void *sconf = r->server->module_config; proxy_server_conf *conf = @@ -191,7 +191,7 @@ int ap_proxy_http_handler(request_rec *r, cache_req *c, char *url, AP_HOOK_SIG2(int,ptr), AP_HOOK_TOPMOST, &destport, r); - ap_snprintf(portstr, sizeof(portstr), "%d", DEFAULT_HTTP_PORT); + ap_snprintf(portstr, sizeof(portstr), "%d", destport); destportstr = portstr; strp = strchr(urlptr, '/'); if (strp == NULL) { @@ -230,6 +230,10 @@ int ap_proxy_http_handler(request_rec *r, cache_req *c, char *url, if (ap_isdigit(*strp2)) destportstr = strp2; } + + /* Make sure peer is always set to prevent a segfault in the SSL handler */ + peer = desthost; + memset(&hints, 0, sizeof(hints)); hints.ai_family = PF_UNSPEC; hints.ai_socktype = SOCK_STREAM; @@ -283,7 +287,6 @@ int ap_proxy_http_handler(request_rec *r, cache_req *c, char *url, return DECLINED; /* try another */ } - /* check if ProxyBlock directive on this host */ for (i = 0; i < conf->noproxies->nelts; i++) { peer = ap_psprintf(p, "%s:%s", desthost, destportstr); diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_ext.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_ext.c index 944ec338619..60ebc6f8cbc 100644 --- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_ext.c +++ b/usr.sbin/httpd/src/modules/ssl/ssl_engine_ext.c 
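Review bot: The port string built by `ap_snprintf(portstr, sizeof(portstr), "%d", destport);` in the @@ -191 hunk now depends on `destport`, whose declaration and initial value are outside the hunk. The only visible assignment is through the hook call just above, which receives `&destport`. If no module handles that hook, the initialiser alone decides what is formatted, so confirm it is `DEFAULT_HTTP_PORT` or add `destport = DEFAULT_HTTP_PORT;` immediately before the hook call. Because the value can now come from configuration, a guard such as `if (destport < 1 || destport > 65535) destport = DEFAULT_HTTP_PORT;` before formatting would keep an out-of-range setting away from the address lookup that follows.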
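Review bot: `peer = desthost;` in the @@ -230 hunk hands the SSL connection hook a bare host name, while the ProxyBlock loop shown in the @@ -283 hunk overwrites it with `ap_psprintf(p, "%s:%s", desthost, destportstr)` whenever `conf->noproxies` has entries. The handler therefore receives two different formats for the same destination depending on unrelated configuration, which matters if the string is used as a lookup key or in log messages (its use is outside this diff). Assuming `destportstr` is final at this point, building the value once here as `peer = ap_psprintf(p, "%s:%s", desthost, destportstr);` would make it consistent; the loop body is cut by the hunk, so check whether the per-iteration assignment can then go. `peer` is now `const char *`, but `ssl_ext_mp_new_connection` still declares `char *peer`, so making that parameter `const char *peer` as well would keep the qualifier across the hook.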
@@ -441,7 +441,8 @@ static int ssl_ext_mp_set_destport(request_rec *r) return DEFAULT_HTTP_PORT; } -static char *ssl_ext_mp_new_connection(request_rec *r, BUFF *fb, char *peer) +static char *ssl_ext_mp_new_connection(request_rec *r, BUFF *fb, + char *peer) { #ifndef SSL_EXPERIMENTAL_PROXY SSL_CTX *ssl_ctx; @@ -561,10 +562,13 @@ static void ssl_ext_mp_close_connection(void *_fb) static int ssl_ext_mp_write_host_header( request_rec *r, BUFF *fb, char *host, char *port, char *portstr) { + char defport[16]; + if (ap_ctx_get(r->ctx, "ssl::proxy::enabled") == PFALSE) return DECLINED; - if (portstr != NULL && port != DEFAULT_HTTPS_PORT) { + ap_snprintf(defport, sizeof(defport), "%d", DEFAULT_HTTPS_PORT); + if (portstr != NULL && strcmp(portstr, defport)) { ap_bvputs(fb, "Host: ", host, ":", portstr, "\r\n", NULL); return OK; } |
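Review bot: The new test `strcmp(portstr, defport)` in `ssl_ext_mp_write_host_header` compares text, so a port written as `0443`, or one with trailing characters, counts as non-default and is copied verbatim into the `Host:` header by `ap_bvputs`. In proxy_http.c the URL-derived port is accepted after only `ap_isdigit(*strp2)` on its first character (visible in the @@ -230 hunk; any later validation is outside this diff). It would be safer to check that `portstr` consists solely of digits and then compare numerically, for example `if (portstr != NULL && atoi(portstr) != DEFAULT_HTTPS_PORT)`. If the string comparison stays, writing it as `strcmp(portstr, defport) != 0` makes the intent explicit. The `port` parameter is no longer read in the lines shown.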