ホーム エクスプローラ ヘルプ
サインイン
pi31415
/
librecmc-package-feed
フォーク元 libreCMC/package-feed
1
0
フォーク 0
ファイル
ブランチ: v1.5
ブランチ タグ
librecmc-packag...
/
net
/
haproxy
/
patches
/
0002-BUG-MEDIUM-ssl-Shutdown-the-connection-for-reading-on-SSL_ERROR_SYSCALL.patch

0002-BUG-MEDIUM-ssl-Shutdown-the-connection-for-reading-on-SSL_ERROR_SYSCALL.patch 2.0 KB
パーマリンク 履歴 Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263 
  1. From f7fa1d461aa71bbc8a6c23fdcfc305f2e52ce5dd Mon Sep 17 00:00:00 2001
    2. 

  2. From: Christopher Faulet <cfaulet@haproxy.com>
    3. 

  3. Date: Mon, 19 Feb 2018 14:25:15 +0100
    4. 

  4. Subject: [PATCH] BUG/MEDIUM: ssl: Shutdown the connection for reading on
    5. 

  5.  SSL_ERROR_SYSCALL
    6. 

  6. 

  7. When SSL_read returns SSL_ERROR_SYSCALL and errno is unset or set to EAGAIN, the
    8. 

  8. connection must be shut down for reading. Else, the connection loops infinitly,
    9. 

  9. consuming all the CPU.
    10. 

  10. 

  11. The bug was introduced in the commit 7e2e50500 ("BUG/MEDIUM: ssl: Don't always
    12. 

  12. treat SSL_ERROR_SYSCALL as unrecovarable."). This patch must be backported in
    13. 

  13. 1.8 too.
    14. 

  14. 

  15. (cherry picked from commit 4ac77a98cda3d0f9b1d9de7bbbda2c91357f0767)
    16. 

  16. Signed-off-by: Willy Tarreau <w@1wt.eu>
    17. 

  17. ---
    18. 

  18.  src/ssl_sock.c |   14 ++++++++------
    19. 

  19.  1 file changed, 8 insertions(+), 6 deletions(-)
    20. 

  20. 

  21. diff --git a/src/ssl_sock.c b/src/ssl_sock.c
    22. 

  22. index f118724..a065bbb 100644
    23. 

  23. --- a/src/ssl_sock.c
    24. 

  24. +++ b/src/ssl_sock.c
    25. 

  25. @@ -5437,10 +5437,9 @@ static int ssl_sock_to_buf(struct connection *conn, struct buffer *buf, int coun
    26. 

  26.  				break;
    27. 

  27.  			} else if (ret == SSL_ERROR_ZERO_RETURN)
    28. 

  28.  				goto read0;
    29. 

  29. -			/* For SSL_ERROR_SYSCALL, make sure the error is
    30. 

  30. -			 * unrecoverable before flagging the connection as
    31. 

  31. -			 * in error.
    32. 

  32. -			 */
    33. 

  33. +			/* For SSL_ERROR_SYSCALL, make sure to clear the error
    34. 

  34. +			 * stack before shutting down the connection for
    35. 

  35. +			 * reading. */
    36. 

  36.  			if (ret == SSL_ERROR_SYSCALL && (!errno || errno == EAGAIN))
    37. 

  37.  				goto clear_ssl_error;
    38. 

  38.  			/* otherwise it's a real error */
    39. 

  39. @@ -5453,16 +5452,19 @@ static int ssl_sock_to_buf(struct connection *conn, struct buffer *buf, int coun
    40. 

  40.  	conn_cond_update_sock_polling(conn);
    41. 

  41.  	return done;
    42. 

  42.  
    43. 

  43. + clear_ssl_error:
    44. 

  44. +	/* Clear openssl global errors stack */
    45. 

  45. +	ssl_sock_dump_errors(conn);
    46. 

  46. +	ERR_clear_error();
    47. 

  47.   read0:
    48. 

  48.  	conn_sock_read0(conn);
    49. 

  49.  	goto leave;
    50. 

  50. +
    51. 

  51.   out_error:
    52. 

  52.  	conn->flags |= CO_FL_ERROR;
    53. 

  53. -clear_ssl_error:
    54. 

  54.  	/* Clear openssl global errors stack */
    55. 

  55.  	ssl_sock_dump_errors(conn);
    56. 

  56.  	ERR_clear_error();
    57. 

  57. -
    58. 

  58.  	goto leave;
    59. 

  59.  }
    60. 

  60.  
    61. 

  61. -- 
    62. 

  62. 1.7.10.4
    63. 

  63.