Changeset d18afb8 in mod_gnutls


Timestamp:
Jun 9, 2016, 12:33:30 PM (2 years ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
debian/master, debian/stretch-backports, master, upstream
Children:
f450ac9
Parents:
c6572ec
Message:

Ensure that dbm_cache_fetch() does not return expired data

The cache entry might have expired since the last cache expiration
run. Check to prevent returning stale data.

Location:
src
Files:
2 edited

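--- a/src/gnutls_cache.c
+++ b/src/gnutls_cache.c
@@ -410,4 +410,5 @@
     apr_datum_t dbmkey = {(char*) key.data, key.size};
     apr_datum_t dbmval;
+    apr_time_t expiry = 0;
     apr_status_t rv;
 
@@ -437,4 +438,6 @@
 
     data.size = dbmval.dsize - sizeof (apr_time_t);
+    /* get data expiration tag */
+    expiry = *((apr_time_t *) dbmval.dptr);
 
     data.data = gnutls_malloc(data.size);
@@ -453,4 +456,14 @@
     apr_dbm_close(dbm);
     apr_global_mutex_unlock(ctxt->sc->cache_mutex);
+
+    /* cache entry might have expired since last cache cleanup */
+    if (expiry != 0 && expiry < apr_time_now())
+    {
+        gnutls_free(data.data);
+        data.data = NULL;
+        data.size = 0;
+        ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, ctxt->c,
+                      "dropped expired cache data");
+    }
 
     return data;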
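Review bot: The expiry tag in the second hunk is read with `expiry = *((apr_time_t *) dbmval.dptr);`, which dereferences the DBM value buffer through a cast; nothing in the visible lines guarantees that pointer is aligned for `apr_time_t`, and the length check that makes this read and the `dbmval.dsize - sizeof (apr_time_t)` subtraction safe is outside the hunk and should be confirmed. `memcpy(&expiry, dbmval.dptr, sizeof (expiry));` sidesteps the alignment and aliasing question. The expiry test in the third hunk runs only after `gnutls_malloc()` and, presumably, the copy of the payload; testing right after the tag is read would keep stale cache contents from being copied out at all. An entry whose tag is 0 is never treated as expired, which deserves a one-line comment if that is intended. The function body starts and ends outside these hunks.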
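--- a/src/gnutls_ocsp.c
+++ b/src/gnutls_ocsp.c
@@ -427,5 +427,5 @@
     if (ocsp_response->size == 0)
     {
-        ap_log_cerror(APLOG_MARK, APLOG_ERR, APR_EGENERAL, ctxt->c,
+        ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_EGENERAL, ctxt->c,
                       "Fetching OCSP response from cache failed.");
     }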
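Review bot: Lowering this message to `APLOG_DEBUG` hides every empty result from an operator at the default log level, because the `ocsp_response->size == 0` branch cannot tell an expected miss or expired entry from a real cache failure. A failure that leaves the server without an OCSP response would then go unnoticed unless the caller reports it, and the caller is outside this hunk. If only the expired or missing case is meant to be quiet, say so above the call, for example `/* empty result is expected on cache miss or expiry; real cache errors are reported elsewhere */`, and confirm that they are. The call also still passes `APR_EGENERAL` as its status, whereas the new debug message in src/gnutls_cache.c passes `APR_SUCCESS`.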