[jira] [Created] (THRIFT-4885) TSSLSocket crash during write

Fri, 07 Jun 2019 13:36:10 -0700 

op created THRIFT-4885:
--------------------------

             Summary:  TSSLSocket crash during write
                 Key: THRIFT-4885
                 URL: https://issues.apache.org/jira/browse/THRIFT-4885
             Project: Thrift
          Issue Type: Bug
          Components: C++ - Library
    Affects Versions: 0.10.0
            Reporter: op


It happens that a race condition between TSSLSocket::write and 
TSSLSocket::close causes the application to crash. This issue has also been 
detected by Valgrind.

#1  0x00007f08549b2291 in BIO_write () from /lib64/libcrypto.so.1.0.0

#2  0x00007f084fdbbb62 in ?? () from /lib64/libssl.so.1.0.0

#3  0x00007f084fdbc256 in ?? () from /lib64/libssl.so.1.0.0

#4  0x00007f085466657c in apache::thrift::transport::TSSLSocket::(write 
(this=0x7f07a0001060, buf=0x7f07a4b6d1ac "", len=4) at 
src/thrift/transport/TSSLSocket.cpp:387

The solution is the following patch:

diff -Naurp thrift-original/lib/cpp/src/thrift/transport/TSSLSocket.cpp 
thrift-modified/lib/cpp/src/thrift/transport/TSSLSocket.cpp
--- thrift-original/lib/cpp/src/thrift/transport/TSSLSocket.cpp 2019-05-29 
22:31:56.096441586 +0200
+++ thrift-modified/lib/cpp/src/thrift/transport/TSSLSocket.cpp 2019-06-02 
03:36:10.131847142 +0200
@@ -292,6 +292,8 @@ void TSSLSocket::open() {
 }
 
 void TSSLSocket::close() {
+ Guard guardRead(socketReadMutex);
+ Guard guardWrite(socketWriteMutex);
 if (ssl_ != NULL) {
 try {
 int rc;
@@ -337,6 +339,7 @@ void TSSLSocket::close() {
 }
 
 uint32_t TSSLSocket::read(uint8_t* buf, uint32_t len) {
+ Guard guard(socketReadMutex);
 checkHandshake();
 int32_t bytes = 0;
 for (int32_t retries = 0; retries < maxRecvRetries_; retries++) {
@@ -379,6 +382,7 @@ uint32_t TSSLSocket::read(uint8_t* buf,
 }
 
 void TSSLSocket::write(const uint8_t* buf, uint32_t len) {
+ Guard guard(socketWriteMutex);
 checkHandshake();
 // loop in case SSL_MODE_ENABLE_PARTIAL_WRITE is set in SSL_CTX.
 uint32_t written = 0;
diff -Naurp thrift-original/lib/cpp/src/thrift/transport/TSSLSocket.h 
thrift-modified/lib/cpp/src/thrift/transport/TSSLSocket.h
--- thrift-original/lib/cpp/src/thrift/transport/TSSLSocket.h 2019-05-29 
22:31:56.096441586 +0200
+++ thrift-modified/lib/cpp/src/thrift/transport/TSSLSocket.h 2019-06-02 
03:37:01.097362373 +0200
@@ -154,6 +154,8 @@ protected:
 SSL* ssl_;
 boost::shared_ptr<SSLContext> ctx_;
 boost::shared_ptr<AccessManager> access_;
+ concurrency::Mutex socketReadMutex;
+ concurrency::Mutex socketWriteMutex;
 friend class TSSLSocketFactory;
 };

 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to