fix(CVE-2021-42074): Handle SSL race conditions and segmentation fault
based on barrier: debauchee/barrier@8b937a4
committed by
Nick Bolton
parent
041512b050
commit
626e8c7364
@ -228,6 +228,8 @@ TCPSocket::EJobResult SecureSocket::doWrite()
|
||||
|
||||
int SecureSocket::secureRead(void *buffer, int size, int &read)
|
||||
{
|
||||
std::lock_guard<std::mutex> ssl_lock{ssl_mutex_};
|
||||
|
||||
if (m_ssl->m_ssl != NULL) {
|
||||
LOG((CLOG_DEBUG2 "reading secure socket"));
|
||||
read = SSL_read(m_ssl->m_ssl, buffer, size);
|
||||
@ -253,6 +255,8 @@ int SecureSocket::secureRead(void *buffer, int size, int &read)
|
||||
|
||||
int SecureSocket::secureWrite(const void *buffer, int size, int &wrote)
|
||||
{
|
||||
std::lock_guard<std::mutex> ssl_lock{ssl_mutex_};
|
||||
|
||||
if (m_ssl->m_ssl != NULL) {
|
||||
LOG((CLOG_DEBUG2 "writing secure socket: %p", this));
|
||||
|
||||
@ -284,6 +288,8 @@ bool SecureSocket::isSecureReady()
|
||||
|
||||
void SecureSocket::initSsl(bool server)
|
||||
{
|
||||
std::lock_guard<std::mutex> ssl_lock{ssl_mutex_};
|
||||
|
||||
m_ssl = new Ssl();
|
||||
m_ssl->m_context = NULL;
|
||||
m_ssl->m_ssl = NULL;
|
||||
@ -293,6 +299,8 @@ void SecureSocket::initSsl(bool server)
|
||||
|
||||
bool SecureSocket::loadCertificates(String &filename)
|
||||
{
|
||||
std::lock_guard<std::mutex> ssl_lock{ssl_mutex_};
|
||||
|
||||
if (filename.empty()) {
|
||||
SslLogger::logError("tls certificate is not specified");
|
||||
return false;
|
||||
@ -375,6 +383,8 @@ void SecureSocket::createSSL()
|
||||
|
||||
void SecureSocket::freeSSL()
|
||||
{
|
||||
std::lock_guard<std::mutex> ssl_lock{ssl_mutex_};
|
||||
|
||||
isFatal(true);
|
||||
// take socket from multiplexer ASAP otherwise the race condition
|
||||
// could cause events to get called on a dead object. TCPSocket
|
||||
@ -398,6 +408,8 @@ void SecureSocket::freeSSL()
|
||||
|
||||
int SecureSocket::secureAccept(int socket)
|
||||
{
|
||||
std::lock_guard<std::mutex> ssl_lock{ssl_mutex_};
|
||||
|
||||
createSSL();
|
||||
|
||||
// set connection socket to SSL state
|
||||
@ -444,6 +456,8 @@ int SecureSocket::secureAccept(int socket)
|
||||
|
||||
int SecureSocket::secureConnect(int socket)
|
||||
{
|
||||
std::lock_guard<std::mutex> ssl_lock{ssl_mutex_};
|
||||
|
||||
createSSL();
|
||||
|
||||
// attach the socket descriptor
|
||||
|
||||
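Review bot: `ssl_mutex_` is a non-recursive `std::mutex`, and each of the seven entry points shown here (secureRead, secureWrite, initSsl, loadCertificates, freeSSL, secureAccept, secureConnect) now holds it from its first line, across calls to other members such as `createSSL()` and `isFatal(true)`. If any callee or error path outside the visible lines reaches another locking member on the same thread, for example a failure branch that ends in `freeSSL()` or `close()`, that thread blocks on itself; every body continues past its hunk, so this cannot be confirmed from here. I would state the contract on the helpers that do not lock, e.g. `// caller must hold ssl_mutex_` above `createSSL()`, and audit the locked functions for direct or indirect calls back into the locking set. It is also worth confirming what `freeSSL()` leaves in `m_ssl`, because the guard `if (m_ssl->m_ssl != NULL)` in secureRead and secureWrite still dereferences `m_ssl` itself and the lock alone does not make a read after teardown safe.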
@ -19,6 +19,7 @@
|
||||
|
||||
#include "net/TCPSocket.h"
|
||||
#include "net/XSocket.h"
|
||||
#include <mutex>
|
||||
|
||||
class IEventQueue;
|
||||
class SocketMultiplexer;
|
||||
@ -87,6 +88,11 @@ private:
|
||||
void handleTCPConnected(const Event &event, void *);
|
||||
|
||||
private:
|
||||
// all accesses to m_ssl must be protected by this mutex. The only function that is called
|
||||
// from outside SocketMultiplexer thread is close(), so we mostly care about things accessed
|
||||
// by it.
|
||||
std::mutex ssl_mutex_;
|
||||
|
||||
Ssl *m_ssl;
|
||||
bool m_secureReady;
|
||||
bool m_fatal;
|
||||
|
||||
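Review bot: The comment on `ssl_mutex_` names only `m_ssl`, so it is unclear whether `m_secureReady` and `m_fatal` declared right below it are guarded as well. `freeSSL()` calls `isFatal(true)` under the lock and, per this same comment, can be reached from `close()` on a thread other than the multiplexer's, so a reader of the fatal flag that does not take the lock would presumably race with it; which readers exist is not visible in this hunk. I would either widen the comment, e.g. `// guards m_ssl, m_secureReady and m_fatal`, or declare the two flags as `std::atomic<bool>`. As a style point, the surrounding members use the `m_` prefix, so `std::mutex m_sslMutex;` would match `m_ssl` and `m_fatal`.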