From: W.C.A. Wijngaards
Date: Wed, 25 Nov 2020 09:22:11 +0000 (+0100)
Subject: - Better fix for reuse tree comparison for is-tls sockets. Where
X-Git-Tag: release-1.13.0rc2~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4b644b7965e2e63f88cdee49ab1a88eba4fbded5;p=thirdparty%2Funbound.git
- Better fix for reuse tree comparison for is-tls sockets. Where the tree key identity is preserved after cleanup of the TLS state.
---
diff --git a/doc/Changelog b/doc/Changelog
index 0ceba16b4..646c7f6fe 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,6 +1,8 @@
 25 November 2020: Wouter
 - with udp-connect ignore connection refused with UDP timeouts.
 - Fix udp-connect on FreeBSD, do send calls on connected UDP socket.
+ - Better fix for reuse tree comparison for is-tls sockets. Where
+ the tree key identity is preserved after cleanup of the TLS state.
 24 November 2020: Wouter
 - Merge PR #283 : Stream reuse. This implements upstream stream
diff --git a/services/outside_network.c b/services/outside_network.c
index 724550632..0a940aaf2 100644
--- a/services/outside_network.c
+++ b/services/outside_network.c
@@ -146,9 +146,9 @@ reuse_cmp_addrportssl(const void* key1, const void* key2)
 return r;
 /* compare if SSL-enabled */
- if(r1->pending->c->ssl && !r2->pending->c->ssl)
+ if(r1->is_ssl && !r2->is_ssl)
 return 1;
- if(!r1->pending->c->ssl && r2->pending->c->ssl)
+ if(!r1->is_ssl && r2->is_ssl)
 return -1;
 return 0;
 }
@@ -465,8 +465,8 @@ reuse_tcp_find(struct outside_network* outnet, struct sockaddr_storage* addr,
 key_p.c = &c;
 key_p.reuse.pending = &key_p;
 key_p.reuse.node.key = &key_p.reuse;
- if(use_ssl) /* something nonNULL for comparisons in tree */
- key_p.c->ssl = (void*)1;
+ if(use_ssl)
+ key_p.reuse.is_ssl = 1;
 if(addrlen > sizeof(key_p.reuse.addr))
 return NULL;
 memmove(&key_p.reuse.addr, addr, addrlen);
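Review bot: In reuse_tcp_find, `key_p.reuse.is_ssl` is assigned only when `use_ssl` is set, so the plaintext lookup depends on `key_p` having been zeroed earlier in the function, which is outside this hunk. The flag is what keeps TLS and plaintext streams to the same address apart in the reuse tree, so an indeterminate value in the lookup key could match a stream of the wrong kind for the query. Assigning it unconditionally removes that dependency: `key_p.reuse.is_ssl = use_ssl ? 1 : 0;`. The body of reuse_tcp_find starts and ends outside the hunk.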
@@ -657,6 +657,9 @@ outnet_tcp_take_into_use(struct waiting_tcp* w)
 pend->c->repinfo.addrlen = w->addrlen;
 memcpy(&pend->c->repinfo.addr, &w->addr, w->addrlen);
 pend->reuse.pending = pend;
+ if(pend->c->ssl)
+ pend->reuse.is_ssl = 1;
+ else pend->reuse.is_ssl = 0;
 /* insert in reuse by address tree if not already inserted there */
 (void)reuse_tcp_insert(w->outnet, pend);
 reuse_tree_by_id_insert(&pend->reuse, w);
diff --git a/services/outside_network.h b/services/outside_network.h
index 7dade240b..48f9d3f03 100644
--- a/services/outside_network.h
+++ b/services/outside_network.h
@@ -247,6 +247,8 @@ struct reuse_tcp {
 struct sockaddr_storage addr;
 /** length of addr */
 socklen_t addrlen;
+ /** also key for tcp_reuse tree, if ssl is used */
+ int is_ssl;
 /** lru chain, so that the oldest can be removed to get a new
 * connection when all are in (re)use. oldest is last in list.
 * The lru only contains empty connections waiting for reuse,
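Review bot: In outnet_tcp_take_into_use, `pend->reuse.is_ssl` is written before `reuse_tcp_insert`, and the comment on that call says the node may already be in the by-address tree. `reuse_cmp_addrportssl` now orders nodes by this field, so changing it on a linked node would break the tree ordering. This is presumably safe because `pend->c->ssl` does not change between uses of the same stream, but nothing visible here states that. A comment would record the invariant, for example `/* is_ssl is a reuse tree key: it mirrors c->ssl at setup and must not change while the node is in the tree */`, and the branch can be written as `pend->reuse.is_ssl = (pend->c->ssl != NULL);`. The function body starts and ends outside the hunk.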
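Review bot: The new field comment in struct reuse_tcp, `also key for tcp_reuse tree, if ssl is used`, does not say what the values mean or why the flag is stored instead of reading `c->ssl`. Going by the commit message, the point is that the key stays valid after the TLS state is cleaned up; stating that at the field would discourage a later change from switching the comparator back to the pointer. Suggested wording: `/** nonzero if the stream uses TLS; part of the tcp_reuse tree key alongside the address, kept here so the key survives cleanup of c->ssl */`. The struct definition continues outside the hunk.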