[kudu] branch master updated: [TlsSocket] clear error queue in Recv on SSL_RECEIVED_SHUTDOWN

Tue, 16 Mar 2021 09:28:37 -0700 

This is an automated email from the ASF dual-hosted git repository.

alexey pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git


The following commit(s) were added to refs/heads/master by this push:
     new f69a054  [TlsSocket] clear error queue in Recv on SSL_RECEIVED_SHUTDOWN
f69a054 is described below

commit f69a05487ec15635395cbd88ad4287412813a4e4
Author: Alexey Serbin <[email protected]>
AuthorDate: Mon Mar 15 22:42:41 2021 -0700

    [TlsSocket] clear error queue in Recv on SSL_RECEIVED_SHUTDOWN
    
    This patch clears error from thread's error queue on a failed SSL_read()
    call in case of SSL_RECEIVED_SHUTDOWN.  Before this patch, the process
    would crash with SIGABRT on certain errors when exiting from the scope
    because of the SCOPED_OPENSSL_NO_PENDING_ERRORS guard.  Overall, it's
    a good practice to check for an error after a call to SSL_read() and
    other calls which might add an entry into the thread's error queue:
    the code in TlsSocket::Recv() did so in almost all cases but not the one
    addressed by this patch.
    
    I didn't add a test to reproduce the crash.  I saw the issue manifesting
    itself on an incorrect TLSv1.3 negotiation sequence, but I'm not quite
    sure it's worth adding such a scenario just to reproduce an obvious
    mistake in handling the results of the SSL_read() call.
    
    Change-Id: Ie64456b61b797085d1ec6df76a8b2dfeca9860c9
    Reviewed-on: http://gerrit.cloudera.org:8080/17190
    Tested-by: Kudu Jenkins
    Reviewed-by: Attila Bukor <[email protected]>
---
 src/kudu/security/tls_socket.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/kudu/security/tls_socket.cc b/src/kudu/security/tls_socket.cc
index efaa73e..f1c6c39 100644
--- a/src/kudu/security/tls_socket.cc
+++ b/src/kudu/security/tls_socket.cc
@@ -193,8 +193,8 @@ Status TlsSocket::Recv(uint8_t *buf, int32_t amt, int32_t 
*nread) {
     const string remote_str = s.ok() ? remote.ToString() : "unknown";
     string kErrString = Substitute("failed to read from TLS socket (remote: 
$0)",
                                    remote_str);
-
     if (bytes_read == 0 && SSL_get_shutdown(ssl_.get()) == 
SSL_RECEIVED_SHUTDOWN) {
+      kErrString += GetOpenSSLErrors();
       return Status::NetworkError(kErrString, ErrnoToString(ESHUTDOWN), 
ESHUTDOWN);
     }
     auto error_code = SSL_get_error(ssl_.get(), bytes_read);

Reply via email to