socket: fix segfaults when TLS management connections fail

Change-Id: I1fd085b04ad1ee68c982d3736b322c19dd12e071 BUG: 1160900 Signed-off-by: Jeff Darcy <jdarcy@redhat.com> Reviewed-on: http://review.gluster.org/9059 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Harshavardhana <harsha@harshavardhana.net> Reviewed-by: Vijay Bellur <vbellur@redhat.com>
2014-11-05 22:37:48 -05:00 · 2014-11-05 22:37:48 -05:00 · 0b9a6a63b5
commit 0b9a6a63b5
parent d8d0db4205
1 changed files with 19 additions and 11 deletions
--- a/rpc/rpc-transport/socket/src/socket.c
+++ b/rpc/rpc-transport/socket/src/socket.c
@ -394,10 +394,12 @@ done:
 static void
 ssl_teardown_connection (socket_private_t *priv)
 {
-        SSL_shutdown(priv->ssl_ssl);
-        SSL_clear(priv->ssl_ssl);
-        SSL_free(priv->ssl_ssl);
-        priv->ssl_ssl = NULL;
+        if (priv->ssl_ssl) {
+                SSL_shutdown(priv->ssl_ssl);
+                SSL_clear(priv->ssl_ssl);
+                SSL_free(priv->ssl_ssl);
+                priv->ssl_ssl = NULL;
+        }
        priv->use_ssl = _gf_false;
 }

@ -560,12 +562,19 @@ __socket_rwv (rpc_transport_t *this, struct iovec *vector, int count,
                        --opcount;
                        continue;
                }
-                if (write) {
+                if (priv->use_ssl && !priv->ssl_ssl) {
+                        /*
+                         * We could end up here with priv->ssl_ssl still NULL
+                         * if (a) the connection failed and (b) some fool
+                         * called other socket functions anyway.  Demoting to
+                         * non-SSL might be insecure, so just fail it outright.
+                         */
+                        ret = -1;
+                } else if (write) {
 			if (priv->use_ssl) {
-				ret = ssl_write_one(this,
-					opvector->iov_base, opvector->iov_len);
-			}
-			else {
+                                ret = ssl_write_one (this, opvector->iov_base,
+                                                     opvector->iov_len);
+			} else {
 				ret = writev (sock, opvector, IOV_MIN(opcount));
 			}

@ -611,7 +620,7 @@ __socket_rwv (rpc_transport_t *this, struct iovec *vector, int count,
                                        strerror (errno));
                        }

-			if (priv->use_ssl) {
+			if (priv->use_ssl && priv->ssl_ssl) {
 				ssl_dump_error_stack(this->name);
 			}
                        opcount = -1;
@ -3050,7 +3059,6 @@ handler:
                        if (priv->own_thread) {
                                close(priv->sock);
                                priv->sock = -1;
-                                goto unlock;
                        }
                        else {
                                /* Ignore error from connect. epoll events