[
https://issues.apache.org/jira/browse/THRIFT-4885?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
op updated THRIFT-4885:
-----------------------
Description:
It happens that a race condition between TSSLSocket::write and
TSSLSocket::close causes the application to crash. This issue has also been
detected by Valgrind.
#1 0x00007f08549b2291 in BIO_write () from /lib64/libcrypto.so.1.0.0
#2 0x00007f084fdbbb62 in ?? () from /lib64/libssl.so.1.0.0
#3 0x00007f084fdbc256 in ?? () from /lib64/libssl.so.1.0.0
#4 0x00007f085466657c in apache::thrift::transport::TSSLSocket::(write
(this=0x7f07a0001060, buf=0x7f07a4b6d1ac "", len=4) at
src/thrift/transport/TSSLSocket.cpp:387
See patch in attachment.
was:
It happens that a race condition between TSSLSocket::write and
TSSLSocket::close causes the application to crash. This issue has also been
detected by Valgrind.
#1 0x00007f08549b2291 in BIO_write () from /lib64/libcrypto.so.1.0.0
#2 0x00007f084fdbbb62 in ?? () from /lib64/libssl.so.1.0.0
#3 0x00007f084fdbc256 in ?? () from /lib64/libssl.so.1.0.0
#4 0x00007f085466657c in apache::thrift::transport::TSSLSocket::(write
(this=0x7f07a0001060, buf=0x7f07a4b6d1ac "", len=4) at
src/thrift/transport/TSSLSocket.cpp:387
The solution is the following patch:
diff -Naurp thrift-original/lib/cpp/src/thrift/transport/TSSLSocket.cpp
thrift-modified/lib/cpp/src/thrift/transport/TSSLSocket.cpp
--- thrift-original/lib/cpp/src/thrift/transport/TSSLSocket.cpp 2019-05-29
22:31:56.096441586 +0200
+++ thrift-modified/lib/cpp/src/thrift/transport/TSSLSocket.cpp 2019-06-02
03:36:10.131847142 +0200
@@ -292,6 +292,8 @@ void TSSLSocket::open() {
}
void TSSLSocket::close() {
+ Guard guardRead(socketReadMutex);
+ Guard guardWrite(socketWriteMutex);
if (ssl_ != NULL) {
try {
int rc;
@@ -337,6 +339,7 @@ void TSSLSocket::close() {
}
uint32_t TSSLSocket::read(uint8_t* buf, uint32_t len) {
+ Guard guard(socketReadMutex);
checkHandshake();
int32_t bytes = 0;
for (int32_t retries = 0; retries < maxRecvRetries_; retries++) {
@@ -379,6 +382,7 @@ uint32_t TSSLSocket::read(uint8_t* buf,
}
void TSSLSocket::write(const uint8_t* buf, uint32_t len) {
+ Guard guard(socketWriteMutex);
checkHandshake();
// loop in case SSL_MODE_ENABLE_PARTIAL_WRITE is set in SSL_CTX.
uint32_t written = 0;
diff -Naurp thrift-original/lib/cpp/src/thrift/transport/TSSLSocket.h
thrift-modified/lib/cpp/src/thrift/transport/TSSLSocket.h
--- thrift-original/lib/cpp/src/thrift/transport/TSSLSocket.h 2019-05-29
22:31:56.096441586 +0200
+++ thrift-modified/lib/cpp/src/thrift/transport/TSSLSocket.h 2019-06-02
03:37:01.097362373 +0200
@@ -154,6 +154,8 @@ protected:
SSL* ssl_;
boost::shared_ptr<SSLContext> ctx_;
boost::shared_ptr<AccessManager> access_;
+ concurrency::Mutex socketReadMutex;
+ concurrency::Mutex socketWriteMutex;
friend class TSSLSocketFactory;
};
> TSSLSocket crash during write
> ------------------------------
>
> Key: THRIFT-4885
> URL: https://issues.apache.org/jira/browse/THRIFT-4885
> Project: Thrift
> Issue Type: Bug
> Components: C++ - Library
> Affects Versions: 0.10.0
> Reporter: op
> Priority: Major
> Attachments: patch.txt
>
>
> It happens that a race condition between TSSLSocket::write and
> TSSLSocket::close causes the application to crash. This issue has also been
> detected by Valgrind.
> #1 0x00007f08549b2291 in BIO_write () from /lib64/libcrypto.so.1.0.0
> #2 0x00007f084fdbbb62 in ?? () from /lib64/libssl.so.1.0.0
> #3 0x00007f084fdbc256 in ?? () from /lib64/libssl.so.1.0.0
> #4 0x00007f085466657c in apache::thrift::transport::TSSLSocket::(write
> (this=0x7f07a0001060, buf=0x7f07a4b6d1ac "", len=4) at
> src/thrift/transport/TSSLSocket.cpp:387
> See patch in attachment.
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
