From: Michael Kourlas <michael.kourlas@solace.com>
Date: Fri, 30 May 2025 21:57:23 +0000 (-0400)
Subject: ITS#10330 keep socket non-blocking during polling in ldap_int_tls_start
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=585e6aa9a55400f50300fb1b131b7d8960103b86;p=thirdparty%2Fopenldap.git

ITS#10330 keep socket non-blocking during polling in ldap_int_tls_start

During TLS negotiation, if a timeout is set, ldap_int_tls_start sets the
socket to non-blocking and calls ldap_int_poll in a loop if
ldap_int_tls_connect does not succeed the first time it is called.

However, ldap_int_poll sets the socket back to blocking and we currently
do not set it back to non-blocking. This means that a subsequent call to
ldap_int_tls_connect may hang and the configured timeout will not be
enforced. To fix this, we now set the socket back to non-blocking after
ldap_int_poll is called.
---

diff --git a/libraries/libldap/tls2.c b/libraries/libldap/tls2.c
index 3a07aa0edd..1bda3fb2aa 100644
--- a/libraries/libldap/tls2.c
+++ b/libraries/libldap/tls2.c
@@ -1227,6 +1227,9 @@ ldap_int_tls_start ( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srv )
 				ld->ld_errno = LDAP_TIMEOUT;
 				break;
 			}
+			/* ldap_int_poll switches the socket back to blocking, but we want
+			 * it non-blocking before calling ldap_int_tls_connect */
+			ber_sockbuf_ctrl( sb, LBER_SB_OPT_SET_NONBLOCK, (void*)1 );
 		}
 		ret = ldap_int_tls_connect( ld, conn, host );
 	}