Bug 66224 - Lacking a check for the return value of SSL_peek()

Summary: Lacking a check for the return value of SSL_peek()

Status: NEW Alias: None Product: Apache httpd-2 Classification: Unclassified Component: mod_ssl (show other bugs) Version: 2.5-HEAD Hardware: PC Mac OS X 10.1 Importance: P2 critical (vote) Target Milestone: --- Assignee: Apache HTTPD Bugs Mailing List URL: Keywords: Depends on: Blocks:		Reported: 2022-08-17 04:27 UTC by UVScan Modified: 2022-08-17 06:44 UTC (History) CC List: 0 users

Attachments Add an attachment (proposed patch, testcase, etc.) Note You need to log in before you can comment on or make changes to this bug.

Description UVScan 2022-08-17 04:27:12 UTC According to the descriptions of SSL_peek(), it has two kinds of return values. But in httpd-2.4.53/modules/ssl/ssl_engine_kernel.c, we find it lacks a check for the return value of SSL_peek(). Reference: https://www.openssl.org/docs/man1.1.1/man3/SSL_peek.html

---

• Format For Printing
•  - XML
•  - Clone This Bug
•  - Top of page

This is ASF Bugzilla: the Apache Software Foundation bug system. In case of problems with the functioning of ASF Bugzilla, please contact bugzilla-admin@apache.org. Please Note: this e-mail address is only for reporting problems with ASF Bugzilla. Mail about any other subject will be silently ignored.

• • Home
  • | New
  • | Browse
  • | Search
  • |
    [?]
  • | Reports
  • | Help
  • | New Account
  • | Log In
    Remember [x]
  • | Forgot Password
    Login: [x]