diff options
| author | Joe Orton <jorton@apache.org> | 2008-02-25 10:04:37 +0000 |
|---|---|---|
| committer | Joe Orton <jorton@apache.org> | 2008-02-25 10:04:37 +0000 |
| commit | cb76497fd9697f8a80b67ed169dbef6de975bd0a (patch) | |
| tree | 29fc3f8982f9e602038e0cc52dbdd886598c9a79 /modules/ssl | |
| parent | 7e51838a6477a5a90a9303b0518e12bcef2ae7c0 (diff) | |
| download | httpd-cb76497fd9697f8a80b67ed169dbef6de975bd0a.tar.gz | |
* modules/ssl/ssl_scache_shmcb.c (shmcb_subcache_retrieve,
shmcbc_subcache_remove): Restore check for idx->removed flag.
Found by: rpluem
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@630786 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules/ssl')
| -rw-r--r-- | modules/ssl/ssl_scache_shmcb.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/modules/ssl/ssl_scache_shmcb.c b/modules/ssl/ssl_scache_shmcb.c index adcd9e2b54..7c2d633a8a 100644 --- a/modules/ssl/ssl_scache_shmcb.c +++ b/modules/ssl/ssl_scache_shmcb.c @@ -728,7 +728,8 @@ static BOOL shmcb_subcache_retrieve(server_rec *s, SHMCBHeader *header, * flag isn't set; check the data length too to avoid a buffer * overflow in case of corruption, which should be impossible, * but it's cheap to be safe. */ - if (idx->id_len == idlen && (idx->data_used - idx->id_len) < *destlen + if (!idx->removed + && idx->id_len == idlen && (idx->data_used - idx->id_len) < *destlen && shmcb_cyclic_memcmp(header->subcache_data_size, SHMCB_DATA(header, subcache), idx->data_pos, id, idx->id_len) == 0) { @@ -780,7 +781,7 @@ static BOOL shmcb_subcache_remove(server_rec *s, SHMCBHeader *header, /* Only consider 'idx' if the id matches, and the "removed" * flag isn't set. */ - if (idx->id_len == idlen + if (!idx->removed && idx->id_len == idlen && shmcb_cyclic_memcmp(header->subcache_data_size, SHMCB_DATA(header, subcache), idx->data_pos, id, idx->id_len) == 0) { |