summaryrefslogtreecommitdiff
path: root/www/lighttpd/patches/patch-aa
diff options
context:
space:
mode:
Diffstat (limited to 'www/lighttpd/patches/patch-aa')
-rw-r--r--www/lighttpd/patches/patch-aa69
1 files changed, 0 insertions, 69 deletions
diff --git a/www/lighttpd/patches/patch-aa b/www/lighttpd/patches/patch-aa
deleted file mode 100644
index 1ab9dbad3da..00000000000
--- a/www/lighttpd/patches/patch-aa
+++ /dev/null
@@ -1,69 +0,0 @@
-$NetBSD: patch-aa,v 1.9 2008/04/25 19:58:17 joerg Exp $
-
-From SVN: Fix potential DOS by clearing SSL error queue.
-
---- src/connections.c.orig 2008-04-25 18:28:26.000000000 +0200
-+++ src/connections.c
-@@ -199,6 +199,7 @@ static int connection_handle_read_ssl(se
-
- /* don't resize the buffer if we were in SSL_ERROR_WANT_* */
-
-+ ERR_clear_error();
- do {
- if (!con->ssl_error_want_reuse_buffer) {
- b = buffer_init();
-@@ -1668,19 +1669,47 @@ int connection_state_machine(server *srv
- }
- #ifdef USE_OPENSSL
- if (srv_sock->is_ssl) {
-- int ret;
-+ int ret, ssl_r;
-+ unsigned long err;
-+ ERR_clear_error();
- switch ((ret = SSL_shutdown(con->ssl))) {
- case 1:
- /* ok */
- break;
- case 0:
-- SSL_shutdown(con->ssl);
-- break;
-+ ERR_clear_error();
-+ if (-1 != (ret = SSL_shutdown(con->ssl))) break;
-+
-+ // fall through
- default:
-- log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:",
-- SSL_get_error(con->ssl, ret),
-- ERR_error_string(ERR_get_error(), NULL));
-- return -1;
-+
-+ switch ((ssl_r = SSL_get_error(con->ssl, ret))) {
-+ case SSL_ERROR_WANT_WRITE:
-+ case SSL_ERROR_WANT_READ:
-+ break;
-+ case SSL_ERROR_SYSCALL:
-+ /* perhaps we have error waiting in our error-queue */
-+ if (0 != (err = ERR_get_error())) {
-+ do {
-+ log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
-+ ssl_r, ret,
-+ ERR_error_string(err, NULL));
-+ } while ((err = ERR_get_error()));
-+ } else {
-+ log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL (error):",
-+ ssl_r, r, errno,
-+ strerror(errno));
-+ }
-+ break;
-+
-+ default:
-+ while ((err = ERR_get_error())) {
-+ log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:",
-+ ssl_r, ret,
-+ ERR_error_string(err, NULL));
-+ }
-+ break;
-+ }
- }
- }
- #endif
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-21 22:03:26 +0000