Timestamp:
Oct 13, 2016 9:02:50 AM (8 years ago)
Author:
riza
Message:

Re #1969: Fix crash on using an already destroyed SSL socket.

File:
1 edited

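--- a/pjproject/trunk/pjlib/src/pj/ssl_sock_ossl.c
+++ b/pjproject/trunk/pjlib/src/pj/ssl_sock_ossl.c
@@ -823,5 +823,8 @@
     asock = ssock->asock;
     if (asock) {
-        ssock->asock = NULL;
+        // Don't set ssock->asock to NULL, as it may trigger assertion in
+        // send operation. This should be safe as active socket will simply
+        // return PJ_EINVALIDOP on any operation if it is already closed.
+        //ssock->asock = NULL;
         ssock->sock = PJ_INVALID_SOCKET;
     }
@@ -842,7 +845,7 @@
 static void reset_ssl_sock_state(pj_ssl_sock_t *ssock)
 {
+    pj_lock_acquire(ssock->write_mutex);
     ssock->ssl_state = SSL_STATE_NULL;
-
-    destroy_ssl(ssock);
+    pj_lock_release(ssock->write_mutex);
 
     close_sockets(ssock);
@@ -1613,4 +1616,19 @@
 }
 
+static void ssl_on_destroy(void *arg)
+{
+    pj_pool_t *pool = NULL;
+    pj_ssl_sock_t *ssock = (pj_ssl_sock_t*)arg;
+
+    destroy_ssl(ssock);
+
+    pj_lock_destroy(ssock->write_mutex);
+
+    pool = ssock->pool;
+    ssock->pool = NULL;
+    if (pool)
+        pj_pool_release(pool);
+}
+
 
 /*
@@ -1831,5 +1849,5 @@
     /* Create new SSL socket instance */
     status = pj_ssl_sock_create(ssock_parent->pool,
-                                &ssock_parent->newsock_param, &ssock);
+                                &ssock_parent->newsock_param, &ssock);
     if (status != PJ_SUCCESS)
         goto on_return;
@@ -1907,10 +1925,8 @@
             goto on_return;
 
-        /* Temporarily add ref the group lock until active socket creation,
-         * to make sure that group lock is destroyed if the active socket
-         * creation fails.
-         */
         pj_grp_lock_add_ref(glock);
         asock_cfg.grp_lock = ssock->param.grp_lock = glock;
+        pj_grp_lock_add_handler(ssock->param.grp_lock, ssock->pool, ssock,
+                                ssl_on_destroy);
     }
 
@@ -1927,9 +1943,4 @@
                                   ssock,
                                   &ssock->asock);
-
-    /* This will destroy the group lock if active socket creation fails */
-    if (asock_cfg.grp_lock) {
-        pj_grp_lock_dec_ref(asock_cfg.grp_lock);
-    }
 
     if (status != PJ_SUCCESS)
@@ -2252,15 +2263,24 @@
     status = pj_lock_create_recursive_mutex(pool, pool->obj_name,
                                             &ssock->write_mutex);
-    if (status != PJ_SUCCESS)
+    if (status != PJ_SUCCESS) {
+        pj_pool_release(pool);
         return status;
+    }
 
     /* Init secure socket param */
     pj_ssl_sock_param_copy(pool, &ssock->param, param);
+
+    if (ssock->param.grp_lock) {
+        pj_grp_lock_add_ref(ssock->param.grp_lock);
+        pj_grp_lock_add_handler(ssock->param.grp_lock, pool, ssock,
+                                ssl_on_destroy);
+    }
+
     ssock->param.read_buffer_size = ((ssock->param.read_buffer_size+7)>>3)<<3;
     if (!ssock->param.timer_heap) {
         PJ_LOG(3,(ssock->pool->obj_name, "Warning: timer heap is not "
                   "available. It is recommended to supply one to avoid "
-                  "a race condition if more than one worker threads "
-                  "are used."));
+                  "a race condition if more than one worker threads "
+                  "are used."));
     }
 
@@ -2278,6 +2298,4 @@
 PJ_DEF(pj_status_t) pj_ssl_sock_close(pj_ssl_sock_t *ssock)
 {
-    pj_pool_t *pool;
-
     PJ_ASSERT_RETURN(ssock, PJ_EINVAL);
 
@@ -2291,10 +2309,9 @@
 
     reset_ssl_sock_state(ssock);
-    pj_lock_destroy(ssock->write_mutex);
-    
-    pool = ssock->pool;
-    ssock->pool = NULL;
-    if (pool)
-        pj_pool_release(pool);
+    if (ssock->param.grp_lock) {
+        pj_grp_lock_dec_ref(ssock->param.grp_lock);
+    } else {
+        ssl_on_destroy(ssock);
+    }
 
     return PJ_SUCCESS;
@@ -2783,4 +2800,5 @@
     /* Start accepting */
     pj_ssl_sock_param_copy(pool, &ssock->newsock_param, newsock_param);
+    ssock->newsock_param.grp_lock = NULL;
     status = pj_activesock_start_accept(ssock->asock, pool);
     if (status != PJ_SUCCESS)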
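Review bot: In pj_ssl_sock_close, the `else` branch at new line 2314 still calls `ssl_on_destroy(ssock)` synchronously, so a socket created without `param.grp_lock` has its SSL state, `write_mutex` and pool torn down inside close exactly as before this change. The deferred destruction introduced here therefore covers only the group-lock case; a send or callback still running on another thread when close returns would presumably reach the same destroyed-socket condition the commit targets. I would document that on the branch, e.g. `/* No group lock: teardown is immediate; caller must guarantee no pending operation still references ssock. */`. The middle of pj_ssl_sock_close lies between the two hunks shown and is not visible here, so any guard it already has against this is not accounted for.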