Changeset 641d11b in mod_gnutls for src/gnutls_cache.c


Timestamp:
Jun 5, 2020, 2:18:27 PM (13 months ago)
Author:
Fiona Klute <fiona.klute@…>
Branches:
asyncio, master
Children:
e6d9e47
Parents:
2b1b52f
Message:

Delete session tickets for proxy connections when using them

Tickets should not be reused because an attacker could correlate
connections using the same ticket. Cache deletion code has been
extracted from socache_delete_session() into a generic function.

File:
1 edited

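--- a/src/gnutls_cache.c
+++ b/src/gnutls_cache.c
@@ -269,4 +269,32 @@
 
 
+apr_status_t mgs_cache_delete(mgs_cache_t cache, server_rec *server,
+                              gnutls_datum_t key, apr_pool_t *pool)
+{
+    apr_pool_t *spool;
+    apr_pool_create(&spool, pool);
+
+    if (cache->prov->flags & AP_SOCACHE_FLAG_NOTMPSAFE)
+        apr_global_mutex_lock(cache->mutex);
+    apr_status_t rv = cache->prov->remove(cache->socache, server,
+                                          key.data, key.size,
+                                          spool);
+    if (cache->prov->flags & AP_SOCACHE_FLAG_NOTMPSAFE)
+        apr_global_mutex_unlock(cache->mutex);
+
+    if (rv != APR_SUCCESS)
+        ap_log_error(APLOG_MARK, APLOG_NOTICE, rv, server,
+                     "error deleting from cache '%s:%s'",
+                     cache->prov->name, cache->config);
+    else
+        ap_log_error(APLOG_MARK, APLOG_TRACE1, rv, server,
+                     "deleted entry from cache '%s:%s'",
+                     cache->prov->name, cache->config);
+    apr_pool_destroy(spool);
+    return rv;
+}
+
+
+
 /**
  * Remove function for the GnuTLS session cache, see
@@ -288,21 +316,10 @@
         return -1;
 
-    if (ctxt->sc->cache->prov->flags & AP_SOCACHE_FLAG_NOTMPSAFE)
-        apr_global_mutex_lock(ctxt->sc->cache->mutex);
-    apr_status_t rv = ctxt->sc->cache->prov->remove(ctxt->sc->cache->socache,
-                                                    ctxt->c->base_server,
-                                                    dbmkey.data, dbmkey.size,
-                                                    ctxt->c->pool);
-    if (ctxt->sc->cache->prov->flags & AP_SOCACHE_FLAG_NOTMPSAFE)
-        apr_global_mutex_unlock(ctxt->sc->cache->mutex);
-
-    if (rv != APR_SUCCESS) {
-        ap_log_error(APLOG_MARK, APLOG_NOTICE, rv,
-                     ctxt->c->base_server,
-                     "error deleting from cache '%s:%s'",
-                     ctxt->sc->cache->prov->name, ctxt->sc->cache->config);
+    apr_status_t rv = mgs_cache_delete(ctxt->sc->cache, ctxt->c->base_server,
+                                       dbmkey, ctxt->c->pool);
+    if (rv != APR_SUCCESS)
         return -1;
-    }
-    return 0;
+    else
+        return 0;
 }
 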
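Review bot: The return value of `apr_pool_create(&spool, pool)` at the top of the new `mgs_cache_delete` is ignored, so on allocation failure `spool` is never set yet is passed to `cache->prov->remove()` and later to `apr_pool_destroy()`. Checking it is a three-line change: `apr_status_t rv = apr_pool_create(&spool, pool);`, `if (rv != APR_SUCCESS) return rv;`, and `rv = cache->prov->remove(cache->socache, server,` in place of the later declaration. The lock call inherits the same pattern from the block removed in socache_delete_session: if `apr_global_mutex_lock(cache->mutex)` fails, the provider marked AP_SOCACHE_FLAG_NOTMPSAFE is still called, now without the mutex, and nothing is logged. The new function also has no header comment, unlike the `Remove function for the GnuTLS session cache` block that follows it; unless gnutls_cache.h already documents it, a short Doxygen block stating that `key` is removed from `cache` on behalf of `server`, that a subpool of `pool` is created and destroyed within the call, and that the provider's status is returned unchanged after being logged would fit the file's style.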