Don't close the dbm until after we have copied the datum retrieved by the fetch (e0ff4187) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP Apache Httpd

modules/ssl/ssl_scache_dbm.c

+15 −10

Original line number	Diff line number	Diff line
		@@ -218,34 +218,39 @@ SSL_SESSION ssl_scache_dbm_retrieve(server_rec s, UCHAR *id, int idlen)
		dbmkey.dptr = (char *)id;
		dbmkey.dsize = idlen;

		/* and fetch it from the DBM file */
		ssl_mutex_on(s);
		/* and fetch it from the DBM file
		* XXX: Should we open the dbm against r->pool so the cleanup will
		* do the apr_dbm_close? This would make the code a bit cleaner.
		*/
		if (apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
		APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, mc->pPool) != APR_SUCCESS) {
		ssl_log(s, SSL_LOG_ERROR\|SSL_ADD_ERRNO,
		"Cannot open SSLSessionCache DBM file `%s' for reading (fetch)",
		mc->szSessionCacheDataFile);
		ssl_mutex_off(s);
		return NULL;
		}
		rc = apr_dbm_fetch(dbm, dbmkey, &dbmval);
		if (rc != APR_SUCCESS) {
		apr_dbm_close(dbm);
		ssl_mutex_off(s);

		/* immediately return if not found */
		if (rc != APR_SUCCESS)
		return NULL;
		if (dbmval.dptr == NULL \|\| dbmval.dsize <= sizeof(time_t))
		}
		if (dbmval.dptr == NULL \|\| dbmval.dsize <= sizeof(time_t)) {
		apr_dbm_close(dbm);
		return NULL;
		}

		/* parse resulting data */
		nData = dbmval.dsize-sizeof(time_t);
		ucpData = (UCHAR *)malloc(nData);
		if (ucpData == NULL)
		if (ucpData == NULL) {
		apr_dbm_close(dbm);
		return NULL;
		}
		memcpy(ucpData, (char *)dbmval.dptr+sizeof(time_t), nData);
		memcpy(&expiry, dbmval.dptr, sizeof(time_t));

		apr_dbm_close(dbm);

		/* make sure the stuff is still not expired */
		now = time(NULL);
		if (expiry <= now) {