Attach/detach to the listening child socket when accepting TLS
authorOndřej Surý <ondrej@isc.org>
Wed, 7 Aug 2024 06:43:12 +0000 (08:43 +0200)
committerOndřej Surý <ondrej@isc.org>
Wed, 7 Aug 2024 15:20:03 +0000 (17:20 +0200)
When a TLS (TLSstream) connection was accepted, the child listening
socket was not attached to sock->server and thus it could have
been freed before all the accepted connections were actually closed.

In turn, this would cause us to call isc_tls_free() too soon - causing
cascade errors in pending SSL_read_ex() in the accepted connections.

Properly attach and detach the child listening socket when accepting
and closing the server connections.

(cherry picked from commit 684f3eb8e62fb2dd2e6adf3272e87b1fd4b08579)

lib/isc/netmgr/tlsstream.c

index a3fc6d203c30f7edf545bc1b030b8d73475b8e2b..4fef5985b25c97c0e6a97b1d4cc144947712d0f5 100644 (file)
@@ -711,6 +711,7 @@ tlslisten_acceptcb(isc_nmhandle_t *handle, isc_result_t result, void *cbarg) {
        tlssock = isc_mem_get(handle->sock->mgr->mctx, sizeof(*tlssock));
        isc__nmsocket_init(tlssock, handle->sock->mgr, isc_nm_tlssocket,
                           &handle->sock->iface);
+       isc__nmsocket_attach(tlslistensock, &tlssock->server);
 
        tid = isc_nm_tid();
        /* We need to initialize SSL now to reference SSL_CTX properly */
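Review bot: The reference taken by `isc__nmsocket_attach(tlslistensock, &tlssock->server);` is, as far as this commit shows, released only in tls_close_direct(), so any early-exit path later in tlslisten_acceptcb() that disposes of tlssock without reaching tls_close_direct() would keep the listening socket alive indefinitely. Those paths are outside the hunk (the function starts before it and continues past it), so please confirm that a failure while creating or setting up the TLS object also drops `tlssock->server`. A short comment above the attach would record the intent, for example `/* Keep the listening socket alive until this connection is closed. */`.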
@@ -945,6 +946,10 @@ tls_close_direct(isc_nmsocket_t *sock) {
                isc__nmsocket_detach(&sock->listener);
        }
 
+       if (sock->server != NULL) {
+               isc__nmsocket_detach(&sock->server);
+       }
+
        /* Further cleanup performed in isc__nm_tls_cleanup_data() */
        atomic_store(&sock->closed, true);
        atomic_store(&sock->active, false);
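Review bot: The new `isc__nmsocket_detach(&sock->server);` in tls_close_direct() may drop the last reference to the listening socket, yet it runs before `sock->closed` and `sock->active` are updated and carries no comment saying so. If releasing the listener frees TLS state this connection still depends on (the commit message describes that failure mode for the premature free), the detach should come only after the connection's own TLS object has been torn down; whether that is already the case cannot be seen from the hunk, because the function starts outside it. At minimum I would add `/* Drop the listener reference taken in tlslisten_acceptcb(); this may free the listener. */` above the check.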