File apache2-CVE-2017-3169.patch of Package apache2.34694
--- 2.4.x/modules/ssl/ssl_engine_io.c 2017/05/30 12:25:13 1796853
+++ 2.4.x/modules/ssl/ssl_engine_io.c 2017/05/30 12:26:05 1796854
@@ -936,20 +936,21 @@
* establish an outgoing SSL connection. */
#define MODSSL_ERROR_BAD_GATEWAY (APR_OS_START_USERERR + 1)
-static void ssl_io_filter_disable(SSLConnRec *sslconn, ap_filter_t *f)
+static void ssl_io_filter_disable(SSLConnRec *sslconn,
+ bio_filter_in_ctx_t *inctx)
{
- bio_filter_in_ctx_t *inctx = f->ctx;
SSL_free(inctx->ssl);
sslconn->ssl = NULL;
inctx->ssl = NULL;
inctx->filter_ctx->pssl = NULL;
}
-static apr_status_t ssl_io_filter_error(ap_filter_t *f,
+static apr_status_t ssl_io_filter_error(bio_filter_in_ctx_t *inctx,
apr_bucket_brigade *bb,
apr_status_t status,
int is_init)
{
+ ap_filter_t *f = inctx->f;
SSLConnRec *sslconn = myConnConfig(f->c);
apr_bucket *bucket;
int send_eos = 1;
@@ -962,7 +963,7 @@
"trying to send HTML error page");
ssl_log_ssl_error(SSLLOG_MARK, APLOG_INFO, sslconn->server);
- ssl_io_filter_disable(sslconn, f);
+ ssl_io_filter_disable(sslconn, inctx);
f->c->keepalive = AP_CONN_CLOSE;
if (is_init) {
sslconn->non_ssl_request = NON_SSL_SEND_REQLINE;
@@ -1513,7 +1514,7 @@
* rather than have SSLEngine On configured.
*/
if ((status = ssl_io_filter_handshake(inctx->filter_ctx)) != APR_SUCCESS) {
- return ssl_io_filter_error(f, bb, status, is_init);
+ return ssl_io_filter_error(inctx, bb, status, is_init);
}
if (is_init) {
@@ -1567,7 +1568,7 @@
/* Handle custom errors. */
if (status != APR_SUCCESS) {
- return ssl_io_filter_error(f, bb, status, 0);
+ return ssl_io_filter_error(inctx, bb, status, 0);
}
/* Create a transient bucket out of the decrypted data. */
@@ -1752,7 +1753,7 @@
inctx->block = APR_BLOCK_READ;
if ((status = ssl_io_filter_handshake(filter_ctx)) != APR_SUCCESS) {
- return ssl_io_filter_error(f, bb, status, 0);
+ return ssl_io_filter_error(inctx, bb, status, 0);
}
while (!APR_BRIGADE_EMPTY(bb) && status == APR_SUCCESS) {
