mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 06:25:31 +00:00
Code Issues Releases Wiki Activity

Fix a crash by avoiding destroying TLS stream socket too early

Browse Source 
This commit fixes a crash in generic TLS stream code, which could be
reproduced during some runs of the 'sslyze' tool.

The intention of this commit is twofold.

Firstly, it ensures that the TLS socket object cannot be destroyed too
early. Now it is being deleted alongside the underlying TCP socket
object.

Secondly, it ensures that the TLS socket object cannot be destroyed as
a result of calling 'tls_do_bio()' (the primary function which
performs encryption/decryption during the IO) as the code did not
expect that. This code path is fixed now.
This commit is contained in:
Artem Boldariev
2022-03-22 20:24:46 +02:00
committed by Michal Nowak
parent 081f717c53
commit a696be6a2d
2 changed files with 24 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
lib/isc/netmgr/netmgr-int.h
View File

@@ -966,6 +966,7 @@ struct isc_nmsocket {
worker */
size_t n_listener_tls_ctx;
isc_nmsocket_t *tlslistener;
isc_nmsocket_t *tlssocket;
atomic_bool result_updated;
enum {
TLS_INIT,