From: Fabian Keil <fk@fabiankeil.de>
Date: Sat, 22 Feb 2020 13:38:16 +0000 (+0100)
Subject: Don't crash when blocking a CONNECT request with https filtering enabled
X-Git-Tag: v_3_0_29~503
X-Git-Url: http://www.privoxy.org/gitweb/%22https:/developer-manual/static/@default-cgi@/static/gitweb.js?a=commitdiff_plain;h=0362b68a48335dbecbdbd1cb1f346ec73ba94826;p=privoxy.git

Don't crash when blocking a CONNECT request with https filtering enabled

Previously ssl_send_data() was called before the TLS context was
setup which resulted in a segfault in mbedtls_ssl_get_max_frag_len().
---

diff --git a/jcc.c b/jcc.c
index 654822af..591edd71 100644
--- a/jcc.c
+++ b/jcc.c
@@ -3611,9 +3611,12 @@ static void chat(struct client_state *csp)
    build_request_line(csp, fwd, &csp->headers->first->str);
 
    /*
-    * We have a request. Check if one of the crunchers wants it.
+    * We have a request. Check if one of the crunchers wants it
+    * unless the client wants to use TLS/SSL in which case we
+    * haven't setup the TLS context yet and will send the crunch
+    * response later.
     */
-   if (crunch_response_triggered(csp, crunchers_all))
+   if (!client_use_ssl(csp) && crunch_response_triggered(csp, crunchers_all))
    {
       /*
        * Yes. The client got the crunch response and we're done here.