From: Emeric Brun
Date: Wed, 31 May 2017 10:02:53 +0000 (+0000)
Subject: BUG/MAJOR: ssl: fix segfault on connection close using async engines.
X-Git-Tag: v1.8-dev3~306
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ce9e01c6744262ec2bf88aa71f72bd8042dcad89;p=thirdparty%2Fhaproxy.git

BUG/MAJOR: ssl: fix segfault on connection close using async engines.

This patch ensures that the ASYNC fd handlers won't be woken up too early, disabling the event cache for this fd on connection close and when a WANT_ASYNC is raised by OpenSSL.

The calls to SSL_read/SSL_write/SSL_do_handshake before raising a real read event from the ASYNC fd generated an EAGAIN followed by a context switch for some engines, or a blocked read for the others.

On connection close it resulted in a too early call to SSL_free followed by a segmentation fault.
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 885aff9734..c8e6b57b69 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -454,8 +454,16 @@ static void inline ssl_async_process_fds(struct connection *conn, SSL *ssl) /* We activate the polling for all known async fds */ SSL_get_all_async_fds(ssl, add_fd, &num_add_fds); - for (i=0 ; i < num_add_fds ; i++) + for (i=0 ; i < num_add_fds ; i++) { fd_want_recv(add_fd[i]); + /* To ensure that the fd cache won't be used + * We'll prefer to catch a real RD event + * because handling an EAGAIN on this fd will + * result in a context switch and also + * some engines uses a fd in blocking mode. + */ + fd_cant_recv(add_fd[i]); + } /* We must also prevent the conn_handler * to be called until a read event was @@ -5037,6 +5045,10 @@ static void ssl_sock_close(struct connection *conn) { fdtab[afd].iocb = ssl_async_fd_free; fdtab[afd].owner = conn->xprt_ctx; fd_want_recv(afd); + /* To ensure that the fd cache won't be used + * and we'll catch a real RD event. + */ + fd_cant_recv(afd); } conn->xprt_ctx = NULL; jobs++;
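Review bot: In the first hunk (ssl_async_process_fds), the new comment inside the loop does not say that the order of the two calls matters. `fd_want_recv(add_fd[i]);` followed directly by `fd_cant_recv(add_fd[i]);` reads as contradictory to anyone who does not already know the fd cache, and a later cleanup could swap or drop one of them. Suggest stating in the comment that the second call must come after the first and is there only to force a real RD event instead of a cached wakeup. The comment wording could also be tightened ("some engines uses a fd in blocking mode" should read "some engines use an fd in blocking mode"), since the blocking-mode case is the one where an early SSL_read/SSL_write/SSL_do_handshake call stalls rather than returning EAGAIN.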
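Review bot: In the second hunk (ssl_sock_close), the comment above `fd_cant_recv(afd);` leaves out the reason this call is safety-critical here: the fd's iocb is `ssl_async_fd_free` and its owner is `conn->xprt_ctx`, which is set to NULL right after the block, so a wakeup from the fd cache before a real read event frees the SSL context too early, which is the segfault the commit message describes. Suggest saying so in the comment so the call is not later removed as redundant. The `fd_want_recv()` plus `fd_cant_recv()` pair now appears in both hunks with near-identical comments; a small static inline helper with one documented explanation would keep the two sites consistent.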