From c6daaa4b8cc139c6582fe9c89fdb7fec027d869a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= Date: Wed, 7 Aug 2024 08:43:12 +0200 Subject: [PATCH] Attach/detach to the listening child socket when accepting TLS When TLS connection (TLSstream) connection was accepted, the children listening socket was not attached to sock->server and thus it could have been freed before all the accepted connections were actually closed. In turn, this would cause us to call isc_tls_free() too soon - causing cascade errors in pending SSL_read_ex() in the accepted connections. Properly attach and detach the children listening socket when accepting and closing the server connections. (cherry picked from commit 684f3eb8e62fb2dd2e6adf3272e87b1fd4b08579) --- lib/isc/netmgr/tlsstream.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/isc/netmgr/tlsstream.c b/lib/isc/netmgr/tlsstream.c index 7990351217..acb8f71c5d 100644 --- a/lib/isc/netmgr/tlsstream.c +++ b/lib/isc/netmgr/tlsstream.c @@ -916,6 +916,7 @@ tlslisten_acceptcb(isc_nmhandle_t *handle, isc_result_t result, void *cbarg) { tlssock = isc_mempool_get(handle->sock->worker->nmsocket_pool); isc__nmsocket_init(tlssock, handle->sock->worker, isc_nm_tlssocket, &local, NULL); + isc__nmsocket_attach(tlslistensock, &tlssock->server); /* We need to initialize SSL now to reference SSL_CTX properly */ tlsctx = tls_get_listener_tlsctx(tlslistensock, isc_tid()); @@ -1174,6 +1175,10 @@ isc__nm_tls_close(isc_nmsocket_t *sock) { isc__nmsocket_detach(&sock->listener); } + if (sock->server != NULL) { + isc__nmsocket_detach(&sock->server); + } + /* Further cleanup performed in isc__nm_tls_cleanup_data() */ sock->closed = true; sock->active = false;