Description: Implement a few critical preventive error checks.
The error trapping is insufficient in the original source.
.
The patch prepares for implementing such trapping, and also
improves two conditionals which only with later changes will
actually matter, but for now are non-intrusive.
Author: Mats Erik Andersson <debian@gisladisker.se>
Forwarded: no
Last-Update: 2010-03-15
@@ -193,8 +193,8 @@ static void inline close_on_exec(int fd)
extern int ssl_read(struct REQUEST *req, char *buf, int len);
extern int ssl_write(struct REQUEST *req, char *buf, int len);
extern int ssl_blk_write(struct REQUEST *req, int offset, int len);
-extern void init_ssl(void);
-extern void open_ssl_session(struct REQUEST *req);
+extern int init_ssl(void);
+extern int open_ssl_session(struct REQUEST *req);
#endif
/* --- request.c ------------------------------------------------ */
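Review bot: The two prototypes changed to return int, init_ssl and open_ssl_session, have no comment saying what the returned value means, and a caller reading only this header cannot tell success from failure. Add a one-line comment above them stating the convention (for example 0 on success, non-zero on error, if that is the intent), so that the later error-trapping changes the description mentions all test the same thing.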
@@ -470,17 +470,22 @@ mainloop(void *thread_arg)
if (with_ssl)
open_ssl_session(req);
#endif
- length = sizeof(req->peer);
- if (-1 == getpeername(req->fd,(struct sockaddr*)&(req->peer),&length)) {
- xperror(LOG_WARNING,"getpeername",NULL);
- req->state = STATE_CLOSE;
+ /* Make sure the request has not been cancelled!
+ * Otherwise just ignore it. */
+ if (req) {
+ length = sizeof(req->peer);
+ if (-1 == getpeername(req->fd,(struct sockaddr*)&(req->peer),&length)) {
+ xperror(LOG_WARNING,"getpeername",NULL);
+ req->state = STATE_CLOSE;
+ }
+ getnameinfo((struct sockaddr*)&req->peer, length,
+ req->peerhost, MAX_HOST,
+ req->peerserv, MAX_MISC,
+ NI_NUMERICHOST | NI_NUMERICSERV);
+ if (debug)
+ fprintf(stderr,"%03d: connect from (%s)\n",
+ req->fd,req->peerhost);
}
- getnameinfo((struct sockaddr*)&req->peer,length,
- req->peerhost,64,req->peerserv,8,
- NI_NUMERICHOST | NI_NUMERICSERV);
- if (debug)
- fprintf(stderr,"%03d: connect from (%s)\n",
- req->fd,req->peerhost);
}
}
}
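Review bot: The new `if (req)` guard comes after the unchanged context line `open_ssl_session(req);`, which already dereferences req (`req->ssl_s = SSL_new(ctx);` in the ssl.c part of this patch), so a NULL req would fault before the check is reached; nothing in the visible lines sets req to NULL either. Move the test ahead of the SSL call or drop it, and use the new int return value of open_ssl_session there instead of discarding it. Inside the guard, a failed getpeername sets STATE_CLOSE but still falls through to getnameinfo, whose return value is unchecked before req->peerhost is printed under debug; an else branch around the getnameinfo and fprintf would avoid reading unset data. Replacing the literals 64 and 8 with MAX_HOST and MAX_MISC is an improvement as long as those macros are the declared sizes of peerhost and peerserv.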
@@ -535,7 +540,9 @@ mainloop(void *thread_arg)
fprintf(stderr,"%03d: keepalive timeout\n",req->fd);
req->state = STATE_CLOSE;
}
- } else {
+ /* Make sure the last action happens with an active state.
+ * Only positive state values are defined. */
+ } else if (req->state > 0) {
if (now > req->ping + timeout) {
if (req->state == STATE_READ_HEADER) {
mkerror(req,408,0);
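Review bot: The comment added above `} else if (req->state > 0) {` sits before the closing brace of the previous branch, so it reads as a remark on the keepalive-timeout code rather than on the new condition; place it inside the new branch. The test `> 0` also depends on the numeric values of the STATE_ constants, which this hunk does not show; comparing against a named constant or a small macro would keep the check valid if the values are ever reordered.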
@@ -97,7 +97,7 @@ static int password_cb(char *buf, int nu
return(strlen(buf));
}
-void init_ssl(void)
+int init_ssl(void)
{
int rc;
@@ -136,9 +136,10 @@ void init_ssl(void)
}
SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);
+ return rc;
}
-void open_ssl_session(struct REQUEST *req)
+int open_ssl_session(struct REQUEST *req)
{
DO_LOCK(lock_ssl);
req->ssl_s = SSL_new(ctx);
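Review bot: `return rc;` at the end of init_ssl hands back whatever the last assignment to rc left behind, and rc is declared as plain `int rc;` with no initializer, so the meaning of the returned value depends on code paths this patch does not show. Return an explicit 0 on the success path and a distinct non-zero value from each failure path, or initialize rc and document which call's result it carries.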
@@ -152,4 +153,5 @@ void open_ssl_session(struct REQUEST *re
SSL_set_accept_state(req->ssl_s);
SSL_set_read_ahead(req->ssl_s, 0); /* to prevent unwanted buffering in ssl layer */
DO_UNLOCK(lock_ssl);
+ return 0;
}
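Review bot: `return 0;` is unconditional, so open_ssl_session cannot report a failure even with the new int return type; in particular the result of `SSL_new(ctx)` at the top of the function is still used without a check, and SSL_new returns NULL on failure. Test req->ssl_s after SSL_new, release lock_ssl with DO_UNLOCK on that path, and return non-zero so the caller in mainloop has something to act on.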