
List:       asterisk-dev
Subject:    Re: [asterisk-dev] [Code Review]: Eliminate redundant and possibly
From:       "jrose" <reviewboard () asterisk ! org>
Date:       2011-11-30 20:27:39
Message-ID: 20111130202739.27013.32827 () hotblack ! digium ! com


> On Nov. 21, 2011, 3:19 a.m., wdoekes wrote:
> > Better. A couple of points:
> 
> wdoekes wrote:
> P.S. A couple of relevant bugs:
> 
> https://issues.asterisk.org/jira/browse/ASTERISK-18342
> https://issues.asterisk.org/jira/browse/ASTERISK-18345
> 
> I linked them in Jira.

I'll keep this in mind for the final log message.  Definitely seem related, and
hopefully they might be fixed by these upcoming patches.


> On Nov. 21, 2011, 3:19 a.m., wdoekes wrote:
> > /trunk/channels/chan_sip.c, line 25957
> > <https://reviewboard.asterisk.org/r/1576/diff/3/?file=21782#file21782line25957>
> > 
> > I prefer:
> > 
> > s->fd = -1;
> > 
> > Otherwise you have to look inside the opaque ast_tcptls_close_session_file to
> > know what fd is. (And.. as an added bonus, setting it from a constant is
> > cheaper.)
> > 
> > Unless you plan to *not* set tcptls_session->fd to -1 under some circumstances,
> > but that would likely only add to the confusion.

Right.  The tcptls_session->fd should always be set to -1 by
ast_tcptls_close_session_file unless it already is -1, so that's a safe assumption
and this change makes perfect sense.


> On Nov. 21, 2011, 3:19 a.m., wdoekes wrote:
> > /trunk/main/tcptls.c, lines 79-94
> > <https://reviewboard.asterisk.org/r/1576/diff/3/?file=21784#file21784line79>
> > 
> > I would go with something like this:
> > 
> > static int ssl_close(void *cookie)
> > {
> >   int cookie_fd = SSL_get_fd(cookie);
> >   int ret;
> >   if (cookie_fd > -1) {
> >     /* According to the TLS standard, it is acceptable for an application
> >      * to only send its shutdown alert and then close the underlying
> >      * connection without waiting for the peer's response (this way
> >      * resources can be saved, as the process can already terminate or
> >      * serve another connection). */
> >     if ((ret = SSL_shutdown(cookie)) < 0) {
> >       ast_log(LOG_ERROR, "SSL_shutdown() failed: %d\n", SSL_get_error(cookie, ret));
> >     }
> >     SSL_free(cookie);
> >     /* adding shutdown(2) here has no added benefit */
> >     if (close(cookie_fd)) {
> >       ast_log(LOG_ERROR, "close() failed: %s\n", strerror(errno));
> >     }
> >   }
> >   return 0;
> > }
> > 
> > But -- and a big one: doing things by the book here (the new SSL_shutdown) MAY
> > cause the thread to block during this operation.
> > 
> > If it turns out that moving up the SSL_shutdown causes hangs, it should probably
> > be removed altogether (with a nice #if 0) until a better solution is implemented.

Well, I changed this in as you have suggested and in a little rudimentary test it
seems to work fine under normal conditions so far with the SSL_close occurring once
the SIP dialog expires... no particularly noticeable problems anyway, as it got
through the code path all at once, but it was just a basic SIP TLS call test.  I'll
keep an eye open for any reports related to this if we can commit it.

Getting ready to post the revised patch.


> On Nov. 21, 2011, 3:19 a.m., wdoekes wrote:
> > /trunk/include/asterisk/tcptls.h, line 180
> > <https://reviewboard.asterisk.org/r/1576/diff/3/?file=21783#file21783line180>
> > 
> > + and sets them to NULL and -1 respectively.

k, got it.


- jrose


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/1576/#review4826
-----------------------------------------------------------


On Nov. 17, 2011, 11:01 a.m., jrose wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/1576/
> -----------------------------------------------------------
> 
> (Updated Nov. 17, 2011, 11:01 a.m.)
> 
> 
> Review request for Asterisk Developers, David Vossel and mjordan.
> 
> 
> Summary
> -------
> 
> According to the reporter, chan_sip and tcptls were using an odd combination of
> close and fclose which can result in undefined behavior.  Following the man pages
> for fclose and close, attempting to fclose a file with an already closed file
> descriptor results in undefined behavior, and fclose itself will already close the
> file descriptor, so using fclose and then close is redundant.  The reporter
> suggested as well that since file descriptors will experience frequent reuse that
> using fclose and then close could also result in closing a file descriptor that is
> in use elsewhere since there is time for that file descriptor index to be
> reclaimed in the file descriptor table during the window between that fclose and
> the following close operation... or at least that's how I interpreted it.
> 
> I removed all uses of the close function when there was an adjacent fclose.  I'm
> still not 100% sure if this is the right approach since this behavior was
> introduced in a patch by dvossel in r225445, which can be seen here:
> http://lists.digium.com/pipermail/asterisk-commits/2009-October/038031.html  I'm a
> little worried that this might be because the file descriptor received a redundant
> reference somewhere along the line and these close() functions might have been used
> to close a file descriptor leak or something along those lines.
> 
> This addresses bug ASTERISK-18700.
> https://issues.asterisk.org/jira/browse/ASTERISK-18700
> 
> 
> Diffs
> -----
> 
> /trunk/channels/chan_sip.c 344846 
> /trunk/include/asterisk/tcptls.h 344846 
> /trunk/main/tcptls.c 344846 
> 
> Diff: https://reviewboard.asterisk.org/r/1576/diff
> 
> 
> Testing
> -------
> 
> Set up some TLS calls and used core show fd (with DEBUG_FD_LEAKS enabled) to make
> sure this wasn't causing a bunch of file descriptor leaks.  From what I could find,
> it wasn't.
> 
> Thanks,
> 
> jrose
> 
> 




