socket: fix segfaults when TLS management connections fail

Backport of 0b9a6a6 from master. BUG: 1212684 Change-Id: Iec5410b937af150621b757924836cec638b5eb55 Signed-off-by: Jeff Darcy <jdarcy@redhat.com> Signed-off-by: Kaushal M <kaushal@redhat.com> Reviewed-on: http://review.gluster.org/10280 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Raghavendra Bhat <raghavendra@redhat.com>
author: Jeff Darcy <jdarcy@redhat.com> 2014-11-05 22:37:48 -0500
committer: Raghavendra Bhat <raghavendra@redhat.com> 2015-04-21 05:27:14 -0700
commit: 415f575279d30feccb7436b85121a3a5489fdcf7 (patch)
tree: 117d1eb580fa1f0a9880e23bf435da4ee84eb918
parent: c79d2b6836dc1c7223b90a9bb0af7940963ff0a5 (diff)
1 files changed, 19 insertions, 11 deletions
diff --git a/rpc/rpc-transport/socket/src/socket.c b/rpc/rpc-transport/socket/src/socket.c
index 0917e0b2ecc..dd986e8444c 100644
--- a/rpc/rpc-transport/socket/src/socket.c
+++ b/rpc/rpc-transport/socket/src/socket.c
@@ -394,10 +394,12 @@ done:
 static void
 ssl_teardown_connection (socket_private_t *priv)
 {
-        SSL_shutdown(priv->ssl_ssl);
-        SSL_clear(priv->ssl_ssl);
-        SSL_free(priv->ssl_ssl);
-        priv->ssl_ssl = NULL;
+        if (priv->ssl_ssl) {
+                SSL_shutdown(priv->ssl_ssl);
+                SSL_clear(priv->ssl_ssl);
+                SSL_free(priv->ssl_ssl);
+                priv->ssl_ssl = NULL;
+        }
         priv->use_ssl = _gf_false;
 }
 
@@ -560,12 +562,19 @@ __socket_rwv (rpc_transport_t *this, struct iovec *vector, int count,
                         --opcount;
                         continue;
                 }
-                if (write) {
+                if (priv->use_ssl && !priv->ssl_ssl) {
+                        /*
+                         * We could end up here with priv->ssl_ssl still NULL
+                         * if (a) the connection failed and (b) some fool
+                         * called other socket functions anyway.  Demoting to
+                         * non-SSL might be insecure, so just fail it outright.
+                         */
+                        ret = -1;
+                } else if (write) {
 			if (priv->use_ssl) {
-				ret = ssl_write_one(this,
-					opvector->iov_base, opvector->iov_len);
-			}
-			else {
+                                ret = ssl_write_one (this, opvector->iov_base,
+                                                     opvector->iov_len);
+			} else {
 				ret = writev (sock, opvector, IOV_MIN(opcount));
 			}
 
@@ -611,7 +620,7 @@ __socket_rwv (rpc_transport_t *this, struct iovec *vector, int count,
                                         strerror (errno));
                         }
 
-			if (priv->use_ssl) {
+			if (priv->use_ssl && priv->ssl_ssl) {
 				ssl_dump_error_stack(this->name);
 			}
                         opcount = -1;
@@ -3041,7 +3050,6 @@ handler:
                         if (priv->own_thread) {
                                 close(priv->sock);
                                 priv->sock = -1;
-                                goto unlock;
                         }
                         else {
                                 /* Ignore error from connect. epoll events
author	Jeff Darcy <jdarcy@redhat.com>	2014-11-05 22:37:48 -0500
committer	Raghavendra Bhat <raghavendra@redhat.com>	2015-04-21 05:27:14 -0700
commit	415f575279d30feccb7436b85121a3a5489fdcf7 (patch)
tree	117d1eb580fa1f0a9880e23bf435da4ee84eb918
parent	c79d2b6836dc1c7223b90a9bb0af7940963ff0a5 (diff)