Oknet Xu created TS-4216:
----------------------------
Summary: wrong condition check for zero length read in
SSLNetVConnection::net_read_io
Key: TS-4216
URL: https://issues.apache.org/jira/browse/TS-4216
Project: Traffic Server
Issue Type: Bug
Components: SSL
Reporter: Oknet Xu
SSLNextProtocolAccept::mainEvent set up a zero length read to perform a ssl
handshake.
{code}
int
SSLNextProtocolAccept::mainEvent(int event, void *edata)
{
SSLNetVConnection *netvc = ssl_netvc_cast(event, edata);
Debug("ssl", "[SSLNextProtocolAccept:mainEvent] event %d netvc %p", event,
netvc);
switch (event) {
case NET_EVENT_ACCEPT:
ink_release_assert(netvc != NULL);
netvc->setTransparentPassThrough(transparent_passthrough);
// Register our protocol set with the VC and kick off a zero-length read to
// force the SSLNetVConnection to complete the SSL handshake. Don't tell
// the endpoint that there is an accept to handle until the read completes
// and we know which protocol was negotiated.
netvc->registerNextProtocolSet(&this->protoset);
//**** BELOW CODE SET UP A ZERO LENGTH READ VIO ****
netvc->do_io(VIO::READ, new SSLNextProtocolTrampoline(this, netvc->mutex),
0, this->buffer, 0);
netvc->set_session_accept_pointer(this);
return EVENT_CONT;
default:
netvc->do_io(VIO::CLOSE);
return EVENT_DONE;
}
}
{code}
below codes in SSLNetVConnection::net_read_io (SSLNetVConnection.cc)
{code}
// changed by YTS Team, yamsat
void
SSLNetVConnection::net_read_io(NetHandler *nh, EThread *lthread)
{
.
.
.
MIOBufferAccessor &buf = s->vio.buffer;
int64_t ntodo = s->vio.ntodo();
ink_assert(buf.writer());
.
.
.
} else if (ret == EVENT_DONE) {
// If this was driven by a zero length read, signal complete when
// the handshake is complete. Otherwise set up for continuing read
// operations.
if (ntodo <= 0) {
{code}
Because of "ntodo = nbytes - ndone", the contidion check for "zero length read"
is bad idea here.
It should be s->vio.nbytes ?
I will be verify this later.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
