authorJeff Darcy <jdarcy@redhat.com>2014-11-05 22:37:48 -0500
committerVijay Bellur <vbellur@redhat.com>2015-01-27 06:03:58 -0800
commit0b9a6a63b50e0c4947233aee33fc86f603f77dd1 (patch)
treee9501036eef39043af45ea835144bcaab3197f62 /rpc/rpc-transport
parentd8d0db420598e1f4cebc8f973f1eff36e93dd83d (diff)
socket: fix segfaults when TLS management connections fail
Change-Id: I1fd085b04ad1ee68c982d3736b322c19dd12e071 BUG: 1160900 Signed-off-by: Jeff Darcy <jdarcy@redhat.com> Reviewed-on: http://review.gluster.org/9059 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Harshavardhana <harsha@harshavardhana.net> Reviewed-by: Vijay Bellur <vbellur@redhat.com>
Diffstat (limited to 'rpc/rpc-transport')
-rw-r--r--rpc/rpc-transport/socket/src/socket.c30
1 files changed, 19 insertions, 11 deletions
diff --git a/rpc/rpc-transport/socket/src/socket.c b/rpc/rpc-transport/socket/src/socket.c
index 2a6586beafd..107590b0273 100644
--- a/rpc/rpc-transport/socket/src/socket.c
+++ b/rpc/rpc-transport/socket/src/socket.c
@@ -394,10 +394,12 @@ done:
static void
ssl_teardown_connection (socket_private_t *priv)
{
- SSL_shutdown(priv->ssl_ssl);
- SSL_clear(priv->ssl_ssl);
- SSL_free(priv->ssl_ssl);
- priv->ssl_ssl = NULL;
+ if (priv->ssl_ssl) {
+ SSL_shutdown(priv->ssl_ssl);
+ SSL_clear(priv->ssl_ssl);
+ SSL_free(priv->ssl_ssl);
+ priv->ssl_ssl = NULL;
+ }
priv->use_ssl = _gf_false;
}
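Review bot: `priv->use_ssl = _gf_false;` still runs unconditionally at the end of ssl_teardown_connection, so once teardown has run, the guard this commit adds in __socket_rwv (`priv->use_ssl && !priv->ssl_ssl`) no longer matches. A later call on the same transport would take the plain `writev` branch, which is the demotion to non-SSL that the new comment in __socket_rwv describes as possibly insecure. Whether priv->sock can still be open at that point is not visible in this hunk. If it can, either leave use_ssl set after teardown or state the contract above the function, for example `/* Clears use_ssl: callers must not do further I/O on priv->sock after this. */`.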
@@ -560,12 +562,19 @@ __socket_rwv (rpc_transport_t *this, struct iovec *vector, int count,
--opcount;
continue;
}
- if (write) {
+ if (priv->use_ssl && !priv->ssl_ssl) {
+ /*
+ * We could end up here with priv->ssl_ssl still NULL
+ * if (a) the connection failed and (b) some fool
+ * called other socket functions anyway. Demoting to
+ * non-SSL might be insecure, so just fail it outright.
+ */
+ ret = -1;
+ } else if (write) {
if (priv->use_ssl) {
- ret = ssl_write_one(this,
- opvector->iov_base, opvector->iov_len);
- }
- else {
+ ret = ssl_write_one (this, opvector->iov_base,
+ opvector->iov_len);
+ } else {
ret = writev (sock, opvector, IOV_MIN(opcount));
}
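Review bot: The new fail-closed branch sets `ret = -1` but leaves errno untouched, while the error path shown in the next hunk logs `strerror (errno)`. The logged reason will be whatever an earlier call left behind. If the code after this hunk branches on errno (the rest of __socket_rwv is outside the hunk), a stale EAGAIN or EINTR could turn the intended hard failure into a retry. Setting it explicitly, `errno = ENOTCONN;` just before `ret = -1;`, makes the failure deterministic, and a dedicated log line here would let operators tell "TLS context missing" apart from an ordinary socket error.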
@@ -611,7 +620,7 @@ __socket_rwv (rpc_transport_t *this, struct iovec *vector, int count,
strerror (errno));
}
- if (priv->use_ssl) {
+ if (priv->use_ssl && priv->ssl_ssl) {
ssl_dump_error_stack(this->name);
}
opcount = -1;
@@ -3050,7 +3059,6 @@ handler:
if (priv->own_thread) {
close(priv->sock);
priv->sock = -1;
- goto unlock;
}
else {
/* Ignore error from connect. epoll events
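Review bot: Removing `goto unlock;` means the own_thread failure path now falls through to the code after this if/else with `priv->sock == -1` and the descriptor already closed. That code is outside the hunk, so it cannot be confirmed from here that everything downstream tolerates a -1 socket and never passes it to a syscall or registers it for polling. The commit message does not say why the early exit was dropped, so please record the intent in place, for example `/* no goto: fall through so the failure is reported below; sock is already -1 */`.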