summaryrefslogtreecommitdiff
path: root/usr.sbin
diff options
context:
space:
mode:
authorMarc Balmer <mbalmer@cvs.openbsd.org>2008-07-04 14:39:38 +0000
committerMarc Balmer <mbalmer@cvs.openbsd.org>2008-07-04 14:39:38 +0000
commit6c906cdd80a18152935a0a895684647dad1ee50e (patch)
treed81856181b11b2987df1b4ebe00b37fbb2c9766c /usr.sbin
parent93e3bf7f5c40e4ef8becf155ca93aceeb5074ce0 (diff)
Make the proxy module work with https again by allowing the destination
port to be set in the config file instead of using HTTP_DEFAULT_PORT in all cases. Prevent a segfault that would happen when the SSL connection from the proxy fails. Problem found and analyzed by Mischa Diehm; fix by me.
Diffstat (limited to 'usr.sbin')
-rw-r--r--usr.sbin/httpd/src/modules/proxy/proxy_http.c9
-rw-r--r--usr.sbin/httpd/src/modules/ssl/ssl_engine_ext.c8
2 files changed, 12 insertions, 5 deletions
diff --git a/usr.sbin/httpd/src/modules/proxy/proxy_http.c b/usr.sbin/httpd/src/modules/proxy/proxy_http.c
index 6f0b96b5fe5..00868a8df81 100644
--- a/usr.sbin/httpd/src/modules/proxy/proxy_http.c
+++ b/usr.sbin/httpd/src/modules/proxy/proxy_http.c
@@ -168,7 +168,7 @@ int ap_proxy_http_handler(request_rec *r, cache_req *c, char *url,
int error;
int result, major, minor;
const char *content_length;
- char *peer;
+ const char *peer;
void *sconf = r->server->module_config;
proxy_server_conf *conf =
@@ -191,7 +191,7 @@ int ap_proxy_http_handler(request_rec *r, cache_req *c, char *url,
AP_HOOK_SIG2(int,ptr),
AP_HOOK_TOPMOST,
&destport, r);
- ap_snprintf(portstr, sizeof(portstr), "%d", DEFAULT_HTTP_PORT);
+ ap_snprintf(portstr, sizeof(portstr), "%d", destport);
destportstr = portstr;
strp = strchr(urlptr, '/');
if (strp == NULL) {
@@ -230,6 +230,10 @@ int ap_proxy_http_handler(request_rec *r, cache_req *c, char *url,
if (ap_isdigit(*strp2))
destportstr = strp2;
}
+
+ /* Make sure peer is always set to prevent a segfault in the SSL handler */
+ peer = desthost;
+
memset(&hints, 0, sizeof(hints));
hints.ai_family = PF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
@@ -283,7 +287,6 @@ int ap_proxy_http_handler(request_rec *r, cache_req *c, char *url,
return DECLINED; /* try another */
}
-
/* check if ProxyBlock directive on this host */
for (i = 0; i < conf->noproxies->nelts; i++) {
peer = ap_psprintf(p, "%s:%s", desthost, destportstr);
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_ext.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_ext.c
index 944ec338619..60ebc6f8cbc 100644
--- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_ext.c
+++ b/usr.sbin/httpd/src/modules/ssl/ssl_engine_ext.c
@@ -441,7 +441,8 @@ static int ssl_ext_mp_set_destport(request_rec *r)
return DEFAULT_HTTP_PORT;
}
-static char *ssl_ext_mp_new_connection(request_rec *r, BUFF *fb, char *peer)
+static char *ssl_ext_mp_new_connection(request_rec *r, BUFF *fb,
+ char *peer)
{
#ifndef SSL_EXPERIMENTAL_PROXY
SSL_CTX *ssl_ctx;
@@ -561,10 +562,13 @@ static void ssl_ext_mp_close_connection(void *_fb)
static int ssl_ext_mp_write_host_header(
request_rec *r, BUFF *fb, char *host, char *port, char *portstr)
{
+ char defport[16];
+
if (ap_ctx_get(r->ctx, "ssl::proxy::enabled") == PFALSE)
return DECLINED;
- if (portstr != NULL && port != DEFAULT_HTTPS_PORT) {
+ ap_snprintf(defport, sizeof(defport), "%d", DEFAULT_HTTPS_PORT);
+ if (portstr != NULL && strcmp(portstr, defport)) {
ap_bvputs(fb, "Host: ", host, ":", portstr, "\r\n", NULL);
return OK;
}