Changeset 2140

Timestamp:

03/30/2008 01:19:53 PM (5 months ago)

Author:

stbuehler

Message:

fix ssl error queue handling (#285) (CVE-2008-1531)

Location:

trunk

Files:

• NEWS (modified) (1 diff)
• src/connections.c (modified) (2 diffs)
• src/network_openssl.c (modified) (3 diffs)

trunk/NEWS

@@ -27 +27 @@
   * fcgi-stat-accel: Fix unused var / indentation
   * fix mod_compress bug (#1027)
+  * fix ssl error queue handling (#285) (CVE-2008-1531)
 
 - 1.5.0-r19.. -

trunk/src/connections.c

@@ -103 +103 @@
 
         if (con->sock->ssl) {
-                switch (SSL_shutdown(con->sock->ssl)) {
+                int ret, ssl_r;
+                unsigned long err;
+
+                ERR_clear_error();
+                switch (ret = SSL_shutdown(con->sock->ssl)) {
                 case 1:
                         /* done */
@@ -111 +115 @@
                          *
                          * FIXME: wait for fdevent and call SSL_shutdown again
-                         *
+                         * (But it is not that important as we close the underlying connection anyway)
                          */
 
                         break;
                 default:
-                        ERROR("SSL_shutdown failed: %s", ERR_error_string(ERR_get_error(), NULL));
+                        switch ((ssl_r = SSL_get_error(con->sock->ssl, ret))) {
+                        case SSL_ERROR_WANT_WRITE:
+                        case SSL_ERROR_WANT_READ:
+                                break;
+                        case SSL_ERROR_SYSCALL:
+                                /* perhaps we have error waiting in our error-queue */
+                                if (0 != (err = ERR_get_error())) {
+                                        do {
+                                                ERROR("SSL_shutdown failed (%i, %i): %s", ssl_r, ret, ERR_error_string(err, NULL));
+                                        } while((err = ERR_get_error()));
+                                } else {
+                                        ERROR("SSL_shutdown failed (%i, %i, %i): %s", ssl_r, ret, errno, strerror(errno));
+                                }
+
+                                break;
+                        default:
+                                while((err = ERR_get_error())) {
+                                        ERROR("SSL_shutdown failed (%i, %i): %s", ssl_r, ret, ERR_error_string(err, NULL));
+                                }
+                        }
                 }
 
                 SSL_free(con->sock->ssl);
+                ERR_clear_error();
                 con->sock->ssl = NULL;
         }

trunk/src/network_openssl.c

@@ -45 +45 @@
                 b = chunkqueue_get_append_buffer(cq);
                 buffer_prepare_copy(b, 8192 + 12); /* ssl-chunk-size is 8kb */
+                ERR_clear_error();
                 len = SSL_read(sock->ssl, b->ptr, b->size - 1);
 
@@ -184 +185 @@
                          */
 
+                        ERR_clear_error();
                         if (toSend != 0 && (r = SSL_write(sock->ssl, offset, toSend)) <= 0) {
                                 unsigned long err;
@@ -288 +290 @@
                                 close(ifd);
 
+                                ERR_clear_error();
                                 if ((r = SSL_write(sock->ssl, s, toSend)) <= 0) {
                                         unsigned long err;