upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-27 12:13:20 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Attach/detach to the listening child socket when accepting TLS

Browse source 
When TLS connection (TLSstream) connection was accepted, the children
listening socket was not attached to sock->server and thus it could have
been freed before all the accepted connections were actually closed.

In turn, this would cause us to call isc_tls_free() too soon - causing
cascade errors in pending SSL_read_ex() in the accepted connections.

Properly attach and detach the children listening socket when accepting
and closing the server connections.

(cherry picked from commit 684f3eb8e6)
This commit is contained in:
Ondřej Surý 2024-08-07 08:43:12 +02:00
parent 0d1953d7a8
commit 875755d9ea
No known key found for this signature in database
GPG key ID: 2820F37E873DEA41
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
lib/isc/netmgr/tlsstream.c
View file

@ -711,6 +711,7 @@ tlslisten_acceptcb(isc_nmhandle_t *handle, isc_result_t result, void *cbarg) {
tlssock = isc_mem_get(handle->sock->mgr->mctx, sizeof(*tlssock));
isc__nmsocket_init(tlssock, handle->sock->mgr, isc_nm_tlssocket,
&handle->sock->iface);
isc__nmsocket_attach(tlslistensock, &tlssock->server);
tid = isc_nm_tid();
/* We need to initialize SSL now to reference SSL_CTX properly */
@ -945,6 +946,10 @@ tls_close_direct(isc_nmsocket_t *sock) {
isc__nmsocket_detach(&sock->listener);
}
if (sock->server != NULL) {
isc__nmsocket_detach(&sock->server);
}
/* Further cleanup performed in isc__nm_tls_cleanup_data() */
atomic_store(&sock->closed, true);
atomic_store(&sock->active, false);