Repository: trafficserver Updated Branches: refs/heads/5.3.x 258afd347 -> a86272d30
TS-3667: SSL Handshake read does not correctly handle EOF and error cases. (cherry picked from commit fb3bbbd4f716a8ac4399ff1edba1c8005610f7b1) Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/a86272d3 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/a86272d3 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/a86272d3 Branch: refs/heads/5.3.x Commit: a86272d30448f502cbbec08ed09d897f5e1f7cfd Parents: 258afd3 Author: shinrich <[email protected]> Authored: Thu Jun 4 18:54:41 2015 -0500 Committer: Phil Sorber <[email protected]> Committed: Fri Jun 5 09:01:25 2015 -0600 ---------------------------------------------------------------------- CHANGES | 2 ++ iocore/net/SSLNetVConnection.cc | 22 ++++++++++++++++------ 2 files changed, 18 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/a86272d3/CHANGES ---------------------------------------------------------------------- diff --git a/CHANGES b/CHANGES index 18a0c80..f2ccb5d 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,8 @@ -*- coding: utf-8 -*- Changes with Apache Traffic Server 5.3.1 + *) [TS-3667] Make SSL Handhake read correctly handle EOF and error cases. + *) [TS-3554] Memory leak on ssl_multicert.config reload. *) [TS-3649] url_sig: fix for crasher related to key index. http://git-wip-us.apache.org/repos/asf/trafficserver/blob/a86272d3/iocore/net/SSLNetVConnection.cc ---------------------------------------------------------------------- diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc index 5884ed6..436b3cf 100644 --- a/iocore/net/SSLNetVConnection.cc +++ b/iocore/net/SSLNetVConnection.cc 
@@ -347,11 +347,6 @@ SSLNetVConnection::read_raw_data()
 if (r <= 0) {
 if (r == -EAGAIN || r == -ENOTCONN) {
 NET_INCREMENT_DYN_STAT(net_calls_to_read_nodata_stat);
- return r;
- }
-
- if (!r || r == -ECONNRESET) {
- return r;
 }
 return r;
 }
@@ -959,7 +954,22 @@ SSLNetVConnection::sslServerHandShakeEvent(int &err)
 if (BIO_eof(SSL_get_rbio(this->ssl))) { // No more data in the buffer
 // Read from socket to fill in the BIO buffer with the
 // raw handshake data before calling the ssl accept calls.
- this->read_raw_data();
+ int retval = this->read_raw_data();
+ if (retval < 0) {
+ if (retval == -EAGAIN) {
+ // No data at the moment, hang tight
+ SSLDebugVC(this, "SSL handshake: EAGAIN");
+ return SSL_HANDSHAKE_WANT_READ;
+ } else {
+ // An error, make us go away
+ SSLDebugVC(this, "SSL handshake error: read_retval=%d", retval);
+ return EVENT_ERROR;
+ }
+ } else if (retval == 0) {
+ // EOF, go away, we stopped in the handshake
+ SSLDebugVC(this, "SSL handshake error: EOF");
+ return EVENT_ERROR;
+ }
 }
 ssl_error_t ssl_error = SSLAccept(ssl);
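Review bot: Both new `return EVENT_ERROR;` paths in sslServerHandShakeEvent leave the `int &err` out-parameter untouched, so a failed or truncated handshake read is reported with whatever value the caller passed in; consider assigning it before returning, e.g. `err = -retval;` on the error branch and an explicit value on the EOF branch (the sign convention callers expect is not visible here, so confirm it). The retry branch matches only `-EAGAIN`, while read_raw_data() in the first hunk still groups `-ENOTCONN` with `-EAGAIN` as a no-data result, so that return now aborts the handshake; if this is intended, a short comment saying so would help. Both failure outcomes are recorded only through SSLDebugVC, so aborted handshakes are presumably invisible unless debug output is enabled, and a counter would let operators notice peers that connect and drop mid-handshake. The function body continues outside the hunk.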
