diff options
| author | Jonathan Rose <jrose@digium.com> | 2011-11-30 21:10:38 +0000 |
|---|---|---|
| committer | Jonathan Rose <jrose@digium.com> | 2011-11-30 21:10:38 +0000 |
| commit | 6fa827b5d0f0c071b92be4047fa6b4f008e1e200 (patch) | |
| tree | 141401c350fcf5583cb3c6ab22012cbff35a245d /main/tcptls.c | |
| parent | cb21847e0377ef844bc8f075e0605ac5d5c84aa9 (diff) | |
Cleaning up chan_sip/tcptls file descriptor closing.
This patch attempts to eliminate various possible instances of undefined behavior caused
by invoking close/fclose in situations where fclose may have already been issued on a
tcptls_session_instance and/or closing file descriptors that don't have a valid index
for fd (-1). Thanks for more than a little help from wdoekes.
(closes issue ASTERISK-18700)
Reported by: Erik Wallin
(issue ASTERISK-18345)
Reported by: Stephane Cazelas
(issue ASTERISK-18342)
Reported by: Stephane Chazelas
Review: https://reviewboard.asterisk.org/r/1576/
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@346525 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'main/tcptls.c')
| -rw-r--r-- | main/tcptls.c | 52 |
1 files changed, 42 insertions, 10 deletions
diff --git a/main/tcptls.c b/main/tcptls.c index 5a177a884..71d527c5b 100644 --- a/main/tcptls.c +++ b/main/tcptls.c @@ -78,9 +78,23 @@ static HOOK_T ssl_write(void *cookie, const char *buf, LEN_T len) static int ssl_close(void *cookie) { - close(SSL_get_fd(cookie)); - SSL_shutdown(cookie); - SSL_free(cookie); + int cookie_fd = SSL_get_fd(cookie); + int ret; + if (cookie_fd > -1) { + /* + * According to the TLS standard, it is acceptable for an application to only send its shutdown + * alert and then close the underlying connection without waiting for the peer's response (this + * way resources can be saved, as the process can already terminate or serve another connection). + */ + if ((ret = SSL_shutdown(cookie)) < 0) { + ast_log(LOG_ERROR, "SSL_shutdown() failed: %d\n", SSL_get_error(cookie, ret)); + } + SSL_free(cookie); + /* adding shutdown(2) here has no added benefit */ + if (close(cookie_fd)) { + ast_log(LOG_ERROR, "close() failed: %s\n", strerror(errno)); + } + } return 0; } #endif /* DO_SSL */ @@ -145,8 +159,7 @@ static void *handle_tcptls_connection(void *data) if (!tcptls_session->parent->tls_cfg) { if ((tcptls_session->f = fdopen(tcptls_session->fd, "w+"))) { if(setvbuf(tcptls_session->f, NULL, _IONBF, 0)) { - fclose(tcptls_session->f); - tcptls_session->f = NULL; + ast_tcptls_close_session_file(tcptls_session); } } } @@ -212,8 +225,7 @@ static void *handle_tcptls_connection(void *data) if (peer) { X509_free(peer); } - close(tcptls_session->fd); - fclose(tcptls_session->f); + ast_tcptls_close_session_file(tcptls_session); ao2_ref(tcptls_session, -1); return NULL; } @@ -230,7 +242,7 @@ static void *handle_tcptls_connection(void *data) #endif /* DO_SSL */ if (!tcptls_session->f) { - close(tcptls_session->fd); + ast_tcptls_close_session_file(tcptls_session); ast_log(LOG_WARNING, "FILE * open failed!\n"); #ifndef DO_SSL if (tcptls_session->parent->tls_cfg) { @@ -276,7 +288,9 @@ void *ast_tcptls_server_root(void *data) tcptls_session = ao2_alloc(sizeof(*tcptls_session), session_instance_destructor); if (!tcptls_session) { ast_log(LOG_WARNING, "No memory for new session: %s\n", strerror(errno)); - close(fd); + if (close(fd)) { + ast_log(LOG_ERROR, "close() failed: %s\n", strerror(errno)); + } continue; } @@ -293,7 +307,7 @@ void *ast_tcptls_server_root(void *data) /* This thread is now the only place that controls the single ref to tcptls_session */ if (ast_pthread_create_detached_background(&launched, NULL, handle_tcptls_connection, tcptls_session)) { ast_log(LOG_WARNING, "Unable to launch helper thread: %s\n", strerror(errno)); - close(tcptls_session->fd); + ast_tcptls_close_session_file(tcptls_session); ao2_ref(tcptls_session, -1); } } @@ -558,6 +572,24 @@ error: desc->accept_fd = -1; } +void ast_tcptls_close_session_file(struct ast_tcptls_session_instance *tcptls_session) +{ + if (tcptls_session->f) { + if (fclose(tcptls_session->f)) { + ast_log(LOG_ERROR, "fclose() failed: %s\n", strerror(errno)); + } + tcptls_session->f = NULL; + tcptls_session->fd = -1; + } else if (tcptls_session->fd != -1) { + if (close(tcptls_session->fd)) { + ast_log(LOG_ERROR, "close() failed: %s\n", strerror(errno)); + } + tcptls_session->fd = -1; + } else { + ast_log(LOG_ERROR, "ast_tcptls_close_session_file invoked on session instance without file or file descriptor\n"); + } +} + void ast_tcptls_server_stop(struct ast_tcptls_session_args *desc) { if (desc->master != AST_PTHREADT_NULL) { |