Package: libapache-mod-ssl
Severity: normal
modssl does not propoerly handle timeout situation when data are send
to the client
reproduce schema :
1. place some data on web serwer:
dd if=/dev/zero of=file bs=1M count=5
2. generate timeout :
to generate timeout i used iptables ( lets assume that 192.168.0.1 i web
serwer ip ) :
on client site:
# iptables -A INPUT -s 192.168.0.1 -p tcp --sport 443 -m limit --limit
10/h --limit-burst 10 -j ACCEPT
# iptables -A INPUT -s 192.168.0.1 -p tcp --sport 443 -j DROP
# openssl s_client -connect 192.168.0.1:443 -quiet
GET /file HTTP/1.0
Host: 192.168.0.1
after timeout we can see in apache error.log :
Jan 3 18:08:25 www apache[17209]: [info] [client 192.168.0.1] send body
timed out
Jan 3 18:08:26 www apache[2754]: [notice] child pid 17209 exit signal
Segmentation fault (11)
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.32
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages libapache-mod-ssl depends on:
pn apache | apache-perl Not found.
ii libc6 2.3.2.ds1-22 GNU C Library: Shared
libraries an
ii libdb2 2:2.7.7.0-9 The Berkeley database
routines (ru
ii libexpat1 1.95.8-3 XML parsing C library -
runtime li
ii libssl0.9.6 0.9.6m-1sarge1 SSL shared libraries (old
version)
ii make 3.80-9 The GNU version of the
"make" util
ii openssl 0.9.7e-3sarge1 Secure Socket Layer (SSL)
binary a
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
