[jira] [Updated] (THRIFT-4885) TSSLSocket crash during write

Mon, 10 Jun 2019 06:19:16 -0700 


     [ 
https://issues.apache.org/jira/browse/THRIFT-4885?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

op updated THRIFT-4885:
-----------------------
    Attachment: patch.txt

>  TSSLSocket crash during write
> ------------------------------
>
>                 Key: THRIFT-4885
>                 URL: https://issues.apache.org/jira/browse/THRIFT-4885
>             Project: Thrift
>          Issue Type: Bug
>          Components: C++ - Library
>    Affects Versions: 0.10.0
>            Reporter: op
>            Priority: Major
>         Attachments: patch.txt
>
>
> It happens that a race condition between TSSLSocket::write and 
> TSSLSocket::close causes the application to crash. This issue has also been 
> detected by Valgrind.
> #1  0x00007f08549b2291 in BIO_write () from /lib64/libcrypto.so.1.0.0
> #2  0x00007f084fdbbb62 in ?? () from /lib64/libssl.so.1.0.0
> #3  0x00007f084fdbc256 in ?? () from /lib64/libssl.so.1.0.0
> #4  0x00007f085466657c in apache::thrift::transport::TSSLSocket::(write 
> (this=0x7f07a0001060, buf=0x7f07a4b6d1ac "", len=4) at 
> src/thrift/transport/TSSLSocket.cpp:387
> The solution is the following patch:
> diff -Naurp thrift-original/lib/cpp/src/thrift/transport/TSSLSocket.cpp 
> thrift-modified/lib/cpp/src/thrift/transport/TSSLSocket.cpp
> --- thrift-original/lib/cpp/src/thrift/transport/TSSLSocket.cpp 2019-05-29 
> 22:31:56.096441586 +0200
> +++ thrift-modified/lib/cpp/src/thrift/transport/TSSLSocket.cpp 2019-06-02 
> 03:36:10.131847142 +0200
> @@ -292,6 +292,8 @@ void TSSLSocket::open() {
>  }
>  
>  void TSSLSocket::close() {
> + Guard guardRead(socketReadMutex);
> + Guard guardWrite(socketWriteMutex);
>  if (ssl_ != NULL) {
>  try {
>  int rc;
> @@ -337,6 +339,7 @@ void TSSLSocket::close() {
>  }
>  
>  uint32_t TSSLSocket::read(uint8_t* buf, uint32_t len) {
> + Guard guard(socketReadMutex);
>  checkHandshake();
>  int32_t bytes = 0;
>  for (int32_t retries = 0; retries < maxRecvRetries_; retries++) {
> @@ -379,6 +382,7 @@ uint32_t TSSLSocket::read(uint8_t* buf,
>  }
>  
>  void TSSLSocket::write(const uint8_t* buf, uint32_t len) {
> + Guard guard(socketWriteMutex);
>  checkHandshake();
>  // loop in case SSL_MODE_ENABLE_PARTIAL_WRITE is set in SSL_CTX.
>  uint32_t written = 0;
> diff -Naurp thrift-original/lib/cpp/src/thrift/transport/TSSLSocket.h 
> thrift-modified/lib/cpp/src/thrift/transport/TSSLSocket.h
> --- thrift-original/lib/cpp/src/thrift/transport/TSSLSocket.h 2019-05-29 
> 22:31:56.096441586 +0200
> +++ thrift-modified/lib/cpp/src/thrift/transport/TSSLSocket.h 2019-06-02 
> 03:37:01.097362373 +0200
> @@ -154,6 +154,8 @@ protected:
>  SSL* ssl_;
>  boost::shared_ptr<SSLContext> ctx_;
>  boost::shared_ptr<AccessManager> access_;
> + concurrency::Mutex socketReadMutex;
> + concurrency::Mutex socketWriteMutex;
>  friend class TSSLSocketFactory;
>  };
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to