socket: fix segfaults when TLS management connections fail

Change-Id: I1fd085b04ad1ee68c982d3736b322c19dd12e071 BUG: 1160900 Signed-off-by: Jeff Darcy <jdarcy@redhat.com> Reviewed-on: http://review.gluster.org/9059 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Harshavardhana <harsha@harshavardhana.net> Reviewed-by: Vijay Bellur <vbellur@redhat.com>
author: Jeff Darcy <jdarcy@redhat.com> 2014-11-05 22:37:48 -0500
committer: Vijay Bellur <vbellur@redhat.com> 2015-01-27 06:03:58 -0800
commit: 0b9a6a63b50e0c4947233aee33fc86f603f77dd1 (patch)
tree: e9501036eef39043af45ea835144bcaab3197f62 /rpc/rpc-transport
parent: d8d0db420598e1f4cebc8f973f1eff36e93dd83d (diff)
1 files changed, 19 insertions, 11 deletions
diff --git a/rpc/rpc-transport/socket/src/socket.c b/rpc/rpc-transport/socket/src/socket.c
index 2a6586beafd..107590b0273 100644
--- a/rpc/rpc-transport/socket/src/socket.c
+++ b/rpc/rpc-transport/socket/src/socket.c
@@ -394,10 +394,12 @@ done:
 static void
 ssl_teardown_connection (socket_private_t *priv)
 {
-        SSL_shutdown(priv->ssl_ssl);
-        SSL_clear(priv->ssl_ssl);
-        SSL_free(priv->ssl_ssl);
-        priv->ssl_ssl = NULL;
+        if (priv->ssl_ssl) {
+                SSL_shutdown(priv->ssl_ssl);
+                SSL_clear(priv->ssl_ssl);
+                SSL_free(priv->ssl_ssl);
+                priv->ssl_ssl = NULL;
+        }
         priv->use_ssl = _gf_false;
 }
 
@@ -560,12 +562,19 @@ __socket_rwv (rpc_transport_t *this, struct iovec *vector, int count,
                         --opcount;
                         continue;
                 }
-                if (write) {
+                if (priv->use_ssl && !priv->ssl_ssl) {
+                        /*
+                         * We could end up here with priv->ssl_ssl still NULL
+                         * if (a) the connection failed and (b) some fool
+                         * called other socket functions anyway.  Demoting to
+                         * non-SSL might be insecure, so just fail it outright.
+                         */
+                        ret = -1;
+                } else if (write) {
 			if (priv->use_ssl) {
-				ret = ssl_write_one(this,
-					opvector->iov_base, opvector->iov_len);
-			}
-			else {
+                                ret = ssl_write_one (this, opvector->iov_base,
+                                                     opvector->iov_len);
+			} else {
 				ret = writev (sock, opvector, IOV_MIN(opcount));
 			}
 
@@ -611,7 +620,7 @@ __socket_rwv (rpc_transport_t *this, struct iovec *vector, int count,
                                         strerror (errno));
                         }
 
-			if (priv->use_ssl) {
+			if (priv->use_ssl && priv->ssl_ssl) {
 				ssl_dump_error_stack(this->name);
 			}
                         opcount = -1;
@@ -3050,7 +3059,6 @@ handler:
                         if (priv->own_thread) {
                                 close(priv->sock);
                                 priv->sock = -1;
-                                goto unlock;
                         }
                         else {
                                 /* Ignore error from connect. epoll events
author	Jeff Darcy <jdarcy@redhat.com>	2014-11-05 22:37:48 -0500
committer	Vijay Bellur <vbellur@redhat.com>	2015-01-27 06:03:58 -0800
commit	0b9a6a63b50e0c4947233aee33fc86f603f77dd1 (patch)
tree	e9501036eef39043af45ea835144bcaab3197f62 /rpc/rpc-transport
parent	d8d0db420598e1f4cebc8f973f1eff36e93dd83d (diff)