svn commit: r1345599 - in /httpd/httpd/trunk: docs/log-message-tags/ne

sf | 3 Jun 2012 00:28
svn commit: r1345599 - in /httpd/httpd/trunk: docs/log-message-tags/next-number modules/ssl/ssl_engine_io.c modules/ssl/ssl_engine_kernel.c

Author: sf
Date: Sat Jun  2 22:28:26 2012
New Revision: 1345599

URL: http://svn.apache.org/viewvc?rev=1345599&view=rev
Log:
Avoid buffer overflow if one protocol string is too long, but at least
one is not.

Also add log messages numbers and avoid useless string dup.

Modified:
    httpd/httpd/trunk/docs/log-message-tags/next-number
    httpd/httpd/trunk/modules/ssl/ssl_engine_io.c
    httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c

Modified: httpd/httpd/trunk/docs/log-message-tags/next-number
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/log-message-tags/next-number?rev=1345599&r1=1345598&r2=1345599&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/log-message-tags/next-number (original)
+++ httpd/httpd/trunk/docs/log-message-tags/next-number Sat Jun  2 22:28:26 2012
 <at>  <at>  -1 +1  <at>  <at> 
-2306
+2308

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_io.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_io.c?rev=1345599&r1=1345598&r2=1345599&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_io.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_io.c Sat Jun  2 22:28:26 2012
 <at>  <at>  -1388,9 +1388,8  <at>  <at>  static apr_status_t ssl_io_filter_input(
         SSL_get0_next_proto_negotiated(
             inctx->ssl, &next_proto, &next_proto_len);
         ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, f->c,
-                      "SSL NPN negotiated protocol: '%s'",
-                      apr_pstrmemdup(f->c->pool, (const char*)next_proto,
-                                     next_proto_len));
+                      APLOGNO(02306) "SSL NPN negotiated protocol: '%*s'",
+                      next_proto_len, (const char*)next_proto);
         modssl_run_npn_proto_negotiated_hook(
             f->c, (const char*)next_proto, next_proto_len);
         inctx->npn_finished = 1;

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c?rev=1345599&r1=1345598&r2=1345599&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c Sat Jun  2 22:28:26 2012
 <at>  <at>  -2189,7 +2189,7  <at>  <at>  int ssl_callback_AdvertiseNextProtos(SSL
         /* If the protocol name is too long (the length must fit in one byte),
          * then log an error and skip it. */
         if (length > 255) {
-            ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
+            ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02307)
                           "SSL NPN protocol name too long (length=%u): %s",
                           length, string);
             continue;
 <at>  <at>  -2213,6 +2213,8  <at>  <at>  int ssl_callback_AdvertiseNextProtos(SSL
     for (i = 0; i < num_protos; ++i) {
         const char *string = APR_ARRAY_IDX(protos, i, const char*);
         apr_size_t length = strlen(string);
+        if (length > 255)
+            continue;
         *start = (unsigned char)length;
         ++start;
         memcpy(start, string, length * sizeof(unsigned char));