Implement a (bounded) buffer of request body data to provide a limited

but safe fix for the mod_ssl renegotiation-vs-requests-with-bodies
bug:

* modules/ssl/ssl_private.h (ssl_io_buffer_fill): Add prototype.

* modules/ssl/ssl_engine_io.c (ssl_io_buffer_fill,
ssl_io_filter_buffer): New functions.

* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): If a
renegotiation is needed, and the request has a non-zero
content-length, or a t-e header (and 100-continue was not requested),
call ssl_io_buffer_fill to set aside the request body data if
possible, then proceed with the negotiation.

PR: 12355


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@290965 13f79535-47bb-0310-9956-ffa450edef68

1 files changed, 4 insertions, 0 deletions

diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h
index 88510bc2ac..2e8978140f 100644
--- a/modules/ssl/ssl_private.h
+++ b/modules/ssl/ssl_private.h
@@ -595,6 +595,10 @@ void         ssl_io_filter_init(conn_rec *, SSL *);
 void         ssl_io_filter_register(apr_pool_t *);
 long         ssl_io_data_cb(BIO *, int, MODSSL_BIO_CB_ARG_TYPE *, int, long, long);
 
+/* ssl_io_buffer_fill fills the setaside buffering of the HTTP request
+ * to allow an SSL renegotiation to take place. */
+int          ssl_io_buffer_fill(request_rec *r);
+
 /**  PRNG  */
 int          ssl_rand_seed(server_rec *, apr_pool_t *, ssl_rsctx_t, char *);