]> git.ipfire.org Git - thirdparty/bind9.git/commitdiff
TLS: try to close TCP socket descriptor earlier when possible
authorArtem Boldariev <artem@boldariev.com>
Tue, 13 Apr 2021 15:45:10 +0000 (18:45 +0300)
committerArtem Boldariev <artem@boldariev.com>
Thu, 15 Apr 2021 12:49:36 +0000 (15:49 +0300)
Before this fix underlying TCP sockets could remain opened for longer
than it is actually required, causing unit tests to fail with lots of
ISC_R_TOOMANYOPENFILES errors.

The change also enables graceful SSL shutdown (before that it  would
happen only in the case when isc_nm_cancelread() were called).

lib/isc/netmgr/tlsstream.c

index 27a6bfcadb7e6d03d4e05434f0d9b706404d2bb1..a682ba00f23243b6735a674129b082bd9e9e9364 100644 (file)
@@ -406,8 +406,22 @@ tls_do_bio(isc_nmsocket_t *sock, isc_region_t *received_data,
                                region = (isc_region_t){ .base = &recv_buf[0],
                                                         .length = len };
 
+                               INSIST(VALID_NMHANDLE(sock->statichandle));
                                sock->recv_cb(sock->statichandle, ISC_R_SUCCESS,
                                              &region, sock->recv_cbarg);
+                               /* The handle could have been detached in
+                                * sock->recv_cb, making the sock->statichandle
+                                * nullified (it happens in netmgr.c). If it is
+                                * the case, then it means that we are not
+                                * interested in keeping the connection alive
+                                * anymore. Let's shutdown the SSL session, send
+                                * what we have in the SSL buffers, and close
+                                * the connection.
+                                */
+                               if (sock->statichandle == NULL) {
+                                       finish = true;
+                                       break;
+                               }
                        }
                }
        }