List: licq-devel
Subject: [Licq-devel] Oops
From: Taral <taral () taral ! net>
Date: 2000-06-28 2:01:50
I forgot to test for m_pSSL != NULL before doing SSL_pending on it.
--
Taral <taral@taral.net>
["ssl.cvsdiff" (TEXT/PLAIN)]
Index: include/licq_socket.h
===================================================================
RCS file: /extra/cvsroot/licq/include/licq_socket.h,v
retrieving revision 1.5
diff -u -p -r1.5 licq_socket.h
--- licq_socket.h 2000/06/27 01:36:50 1.5
+++ licq_socket.h 2000/06/28 01:52:47
@@ -20,6 +20,7 @@
#ifdef USE_OPENSSL
#include <openssl/ssl.h>
extern SSL_CTX *gSSL_CTX;
+extern fd_set gSSL_pending;
#else
typedef void SSL;
#endif
@@ -125,12 +126,13 @@ public:
bool Secure() { return m_pSSL != NULL; }
- void SecureConnect();
- void SecureListen();
+ bool SecureConnect();
+ bool SecureListen();
void SecureStop();
protected:
SSL *m_pSSL;
+ pthread_mutex_t mutex_SSL;
};
@@ -196,7 +198,6 @@ protected:
pthread_mutex_t mutex;
};
-
//=====CSocketManager===========================================================
class CSocketManager
Index: src/icqd-tcp.cpp
===================================================================
RCS file: /extra/cvsroot/licq/src/icqd-tcp.cpp,v
retrieving revision 1.8
diff -u -p -r1.8 icqd-tcp.cpp
--- icqd-tcp.cpp 2000/06/27 04:01:41 1.8
+++ icqd-tcp.cpp 2000/06/28 01:52:53
@@ -1355,7 +1355,12 @@ bool CICQDaemon::ProcessTcpPacket(TCPSoc
CPT_AckOpenSecureChannel p(theSequence, true, u);
AckTCP(p, pSock);
- pSock->SecureListen();
+ if (!pSock->SecureListen()) {
+ u->SetSecure(false);
+ PushPluginSignal(new CICQSignal(SIGNAL_UPDATExUSER, USER_SECURITY, nUin, 0));
+ errorOccured = true;
+ break;
+ }
u->SetSecure(true);
PushPluginSignal(new CICQSignal(SIGNAL_UPDATExUSER, USER_SECURITY, nUin, 1));
@@ -1539,11 +1544,17 @@ bool CICQDaemon::ProcessTcpPacket(TCPSoc
return false;
}
+ if (!pSock->SecureConnect()) {
+ u->SetSecure(false);
+ gUserManager.DropUser(u);
+ PushPluginSignal(new CICQSignal(SIGNAL_UPDATExUSER, USER_SECURITY, nUin, 0));
+ errorOccured = true;
+ } else {
gLog.Info("%sSecure channel established with %s (%ld).\n", L_SSLxSTR,
u->GetAlias(), nUin);
- pSock->SecureConnect();
u->SetSecure(true);
PushPluginSignal(new CICQSignal(SIGNAL_UPDATExUSER, USER_SECURITY, nUin, 1));
+ }
}
// finish up
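Review bot: The two failure paths release the user differently: this one calls `gUserManager.DropUser(u)` inside the `if (!pSock->SecureConnect())` branch, while the `SecureListen()` failure path in the previous hunk only sets `errorOccured` and breaks. The success branch here still uses `u` and does not drop it within the hunk, so the drop for that path presumably happens after `// finish up`, outside the hunk. If it does, the failure branch releases the user twice; if it does not, the listen path never releases it. The function continues outside both hunks, so this needs checking against the full body. A one-line comment at each site saying who drops `u` would settle it.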
Index: src/icqd-threads.cpp
===================================================================
RCS file: /extra/cvsroot/licq/src/icqd-threads.cpp,v
retrieving revision 1.5
diff -u -p -r1.5 icqd-threads.cpp
--- icqd-threads.cpp 2000/06/27 01:36:52 1.5
+++ icqd-threads.cpp 2000/06/28 01:52:54
@@ -352,7 +352,11 @@ void *MonitorSockets_tep(void *p)
nCurrentSocket = 0;
while (nSocketsAvailable > 0 && nCurrentSocket < l)
{
- if (FD_ISSET(nCurrentSocket, &f))
+ if (FD_ISSET(nCurrentSocket, &f)
+#ifdef USE_OPENSSL
+ || FD_ISSET(nCurrentSocket, &gSSL_pending)
+#endif
+ )
{
// New socket event ----------------------------------------------------
if (nCurrentSocket == d->pipe_newsocket[PIPE_READ])
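Review bot: Checking `gSSL_pending` only inside this loop does not guarantee that buffered TLS data is serviced, because the loop runs only while `nSocketsAvailable > 0`. That count presumably comes from select(), which is outside the hunk and knows nothing about bytes already held inside OpenSSL. A socket with a set bit in `gSSL_pending` and nothing new on the wire is therefore reached only when some other descriptor wakes the thread, and may be skipped if the counter hits zero first. The caller would need to poll with a zero timeout and count the pending descriptors whenever `gSSL_pending` is non-empty. `gSSL_pending` is also read here with no lock while `RecvPacket()` writes it, which is a data race if the two run on different threads.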
Index: src/licq.cpp
===================================================================
RCS file: /extra/cvsroot/licq/src/licq.cpp,v
retrieving revision 1.38
diff -u -p -r1.38 licq.cpp
--- licq.cpp 2000/06/27 01:36:52 1.38
+++ licq.cpp 2000/06/28 01:52:56
@@ -365,6 +365,8 @@ bool CLicq::Init(int argc, char **argv)
DH *dh = get_dh512();
SSL_CTX_set_tmp_dh(gSSL_CTX, dh);
DH_free(dh);
+
+ FD_ZERO(&gSSL_pending);
#endif
// Start things going
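Review bot: The DH parameters installed just above the new `FD_ZERO` come from `get_dh512()`, which by its name is a 512-bit group and too small to protect the key exchange of the channel this patch is hardening. The patch does not touch those lines, but the handshake error handling it adds elsewhere is only as strong as that group. Replacing it with a generated group of at least 2048 bits, with a comment at the `SSL_CTX_set_tmp_dh` call recording the size and where it came from, would address it.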
Index: src/socket.cpp
===================================================================
RCS file: /extra/cvsroot/licq/src/socket.cpp,v
retrieving revision 1.5
diff -u -p -r1.5 socket.cpp
--- socket.cpp 2000/06/27 01:36:52 1.5
+++ socket.cpp 2000/06/28 01:52:58
@@ -39,6 +39,7 @@ extern int h_errno;
#include <openssl/ssl.h>
#include <openssl/err.h>
+fd_set gSSL_pending;
SSL_CTX *gSSL_CTX;
#endif // OpenSSL
@@ -547,13 +548,18 @@ bool TCPSocket::SendPacket(CBuffer *b_in
#ifdef USE_OPENSSL
if (m_pSSL != NULL)
{
- int i, j;
+ int i,j;
+
ERR_clear_error();
- if ((i = SSL_write(m_pSSL, pcSize, 2)) < 0)
+ pthread_mutex_lock(&mutex_SSL);
+ i = SSL_write(m_pSSL, pcSize, 2);
+ j = SSL_get_error(m_pSSL, i);
+ pthread_mutex_unlock(&mutex_SSL);
+ if (j != SSL_ERROR_NONE)
{
const char *file; int line;
unsigned long err;
- switch (j = SSL_get_error(m_pSSL, i))
+ switch (j)
{
case SSL_ERROR_SSL:
err = ERR_get_error_line(&file, &line);
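Review bot: `mutex_SSL` is released between the 2-byte length write in this hunk and the body write in the next hunk (`SSL_write(m_pSSL, b->getDataStart(), b->getDataSize())`). Two threads sending on the same socket can therefore interleave one packet's length prefix with another packet's body, unless callers already serialize `SendPacket()`. Holding the lock across both `SSL_write` calls would keep a frame atomic. The `m_pSSL != NULL` test is also made before the lock is taken, so a concurrent `SecureStop()` could free the object in between. Both points are inferred, since the callers and the rest of `SendPacket()` are outside the hunk.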
@@ -567,11 +573,15 @@ bool TCPSocket::SendPacket(CBuffer *b_in
}
ERR_clear_error();
- if ((i = SSL_write(m_pSSL, b->getDataStart(), b->getDataSize())) < 0)
+ pthread_mutex_lock(&mutex_SSL);
+ i = SSL_write(m_pSSL, b->getDataStart(), b->getDataSize());
+ j = SSL_get_error(m_pSSL, i);
+ pthread_mutex_unlock(&mutex_SSL);
+ if (j != SSL_ERROR_NONE)
{
const char *file; int line;
unsigned long err;
- switch (j = SSL_get_error(m_pSSL, i))
+ switch (j)
{
case SSL_ERROR_SSL:
err = ERR_get_error_line(&file, &line);
@@ -666,8 +676,11 @@ bool TCPSocket::RecvPacket()
#ifdef USE_OPENSSL
if (m_pSSL)
{
+ pthread_mutex_lock(&mutex_SSL);
nBytesReceived = SSL_read(m_pSSL, buffer, 2);
- switch (SSL_get_error(m_pSSL, nBytesReceived))
+ int tmp = SSL_get_error(m_pSSL, nBytesReceived);
+ pthread_mutex_unlock(&mutex_SSL);
+ switch (tmp)
{
case SSL_ERROR_NONE:
break;
@@ -717,8 +730,11 @@ bool TCPSocket::RecvPacket()
#ifdef USE_OPENSSL
if (m_pSSL != NULL)
{
+ pthread_mutex_lock(&mutex_SSL);
nBytesReceived = SSL_read(m_pSSL, m_xRecvBuffer.getDataPosWrite(), nBytesLeft);
- switch (SSL_get_error(m_pSSL, nBytesReceived))
+ int tmp = SSL_get_error(m_pSSL, nBytesReceived);
+ pthread_mutex_unlock(&mutex_SSL);
+ switch (tmp)
{
case SSL_ERROR_NONE:
break;
@@ -753,6 +769,15 @@ bool TCPSocket::RecvPacket()
#endif
m_xRecvBuffer.incDataPosWrite(nBytesReceived);
+#ifdef USE_OPENSSL
+ // Make sure we get called again for more data
+ if (m_pSSL)
+ {
+ if (SSL_pending(m_pSSL)) FD_SET(m_nDescriptor, &gSSL_pending);
+ else FD_CLR(m_nDescriptor, &gSSL_pending);
+ }
+#endif
+
// Print the packet if it's full
if (m_xRecvBuffer.Full())
DumpPacket(&m_xRecvBuffer, D_RECEIVER);
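Review bot: `SSL_pending(m_pSSL)` is called here without `mutex_SSL`, although every other `SSL_*` call on this object in the patch is made under that lock. It should read `pthread_mutex_lock(&mutex_SSL); int nPending = SSL_pending(m_pSSL); pthread_mutex_unlock(&mutex_SSL);` and then test `nPending`. The bit set in `gSSL_pending` is cleared only on a later `RecvPacket()` call; neither `SecureStop()` nor the destructor lines visible in this patch do `FD_CLR(m_nDescriptor, &gSSL_pending)`. A descriptor number reused after close would then be treated as readable by the monitor thread. `FD_SET` also assumes `m_nDescriptor` is below `FD_SETSIZE`, and nothing in the hunk shows that bound being checked.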
@@ -776,27 +801,66 @@ TCPSocket::~TCPSocket()
#ifdef USE_OPENSSL /*-----Start of OpenSSL code----------------------------*/
-void TCPSocket::SecureConnect()
+bool TCPSocket::SecureConnect()
{
+ pthread_mutex_init(&mutex_SSL, NULL);
m_pSSL = SSL_new(gSSL_CTX);
#ifdef SSL_DEBUG
m_pSSL->debug = 1;
#endif
SSL_set_session(m_pSSL, NULL);
SSL_set_fd(m_pSSL, m_nDescriptor);
- SSL_connect(m_pSSL);
+ int i = SSL_connect(m_pSSL);
+ if (i < 0) {
+ const char *file; int line;
+ unsigned long err;
+ int j = SSL_get_error(m_pSSL, i);
+ switch (j)
+ {
+ case SSL_ERROR_SSL:
+ err = ERR_get_error_line(&file, &line);
+ gLog.Error("%sSSL_connect error = %lx, %s:%i\n", L_SSLxSTR, err, file, line);
+ ERR_clear_error();
+ break;
+ default:
+ gLog.Error("%sSSL_connect error %d, SSL_%d\n", L_SSLxSTR, i, j);
+ break;
+ }
+ return false;
+ }
+ return true;
}
-void TCPSocket::SecureListen()
+bool TCPSocket::SecureListen()
{
+ pthread_mutex_init(&mutex_SSL, NULL);
m_pSSL = SSL_new(gSSL_CTX);
SSL_set_session(m_pSSL, NULL);
SSL_set_fd(m_pSSL, m_nDescriptor);
- SSL_accept(m_pSSL);
+ int i = SSL_accept(m_pSSL);
+ if (i < 0) {
+ const char *file; int line;
+ unsigned long err;
+ int j = SSL_get_error(m_pSSL, i);
+ switch (j)
+ {
+ case SSL_ERROR_SSL:
+ err = ERR_get_error_line(&file, &line);
+ gLog.Error("%sSSL_accept error = %lx, %s:%i\n", L_SSLxSTR, err, file, line);
+ ERR_clear_error();
+ break;
+ default:
+ gLog.Error("%sSSL_accept error %d, SSL_%d\n", L_SSLxSTR, i, j);
+ break;
+ }
+ return false;
+ }
+ return true;
}
void TCPSocket::SecureStop()
{
+ pthread_mutex_destroy(&mutex_SSL);
SSL_free(m_pSSL);
m_pSSL = NULL;
}
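Review bot: `if (i < 0)` in both `SecureConnect()` and `SecureListen()` misses a return of 0, which `SSL_connect`/`SSL_accept` use for a handshake that was shut down without completing; only 1 means success. A failed handshake can therefore return true and the callers mark the user secure. On the failure path `m_pSSL` is also left allocated and non-NULL, so `Secure()` still returns true and later `SendPacket()`/`RecvPacket()` calls take the SSL branch on a dead session. The result of `SSL_new()` is not checked before it is used. The sketch below shows the change for `SecureConnect()`; `SecureListen()` needs the same, and `SecureStop()` should clear the socket's bit in `gSSL_pending` before freeing.
```cpp
bool TCPSocket::SecureConnect()
{
  pthread_mutex_init(&mutex_SSL, NULL);
  m_pSSL = SSL_new(gSSL_CTX);
  if (m_pSSL == NULL) {
    pthread_mutex_destroy(&mutex_SSL);
    return false;
  }
  // … unchanged: SSL_DEBUG block, SSL_set_session, SSL_set_fd …
  int i = SSL_connect(m_pSSL);
  if (i != 1) {
    // … unchanged: SSL_get_error switch and gLog.Error calls …
    SSL_free(m_pSSL);
    m_pSSL = NULL;
    pthread_mutex_destroy(&mutex_SSL);
    return false;
  }
  return true;
}

void TCPSocket::SecureStop()
{
  FD_CLR(m_nDescriptor, &gSSL_pending);
  // … unchanged: pthread_mutex_destroy, SSL_free, m_pSSL = NULL …
}
```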