mirror of
https://gitlab.xiph.org/xiph/icecast-server.git
synced 2025-02-02 15:07:36 -05:00
Fix: Corrected how reads from TLS report errors
This commit is contained in:
Philipp Schafft
parent
33a0595d10
commit
0797b2862a
@ -397,7 +397,7 @@ int client_read_bytes(client_t *client, void *buf, unsigned len)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (bytes == -1 && client->con->error)
|
if (bytes == -1 && client->con->error)
|
||||||
ICECAST_LOG_DEBUG("reading from connection has failed");
|
ICECAST_LOG_DEBUG("reading from connection has failed (client=%p, con=%p)", client, client->con);
|
||||||
|
|
||||||
fastevent_emit(FASTEVENT_TYPE_CLIENT_READ, FASTEVENT_FLAG_MODIFICATION_ALLOWED, FASTEVENT_DATATYPE_OBRD, client, buf, (size_t)len, (ssize_t)bytes);
|
fastevent_emit(FASTEVENT_TYPE_CLIENT_READ, FASTEVENT_FLAG_MODIFICATION_ALLOWED, FASTEVENT_DATATYPE_OBRD, client, buf, (size_t)len, (ssize_t)bytes);
|
||||||
|
|
||||||
|
|||||||
@ -407,6 +407,10 @@ static int connection_read_tls(connection_t *con, void *buf, size_t len)
|
|||||||
ssize_t bytes = tls_read(con->tls, buf, len);
|
ssize_t bytes = tls_read(con->tls, buf, len);
|
||||||
|
|
||||||
if (bytes <= 0) {
|
if (bytes <= 0) {
|
||||||
|
if (tls_error(con->tls)) {
|
||||||
|
ICECAST_LOG_DEBUG("Client hit TLS error (con=%p, tls=%p)", con, con->tls);
|
||||||
|
con->error = 1;
|
||||||
|
}
|
||||||
if (tls_want_io(con->tls) > 0)
|
if (tls_want_io(con->tls) > 0)
|
||||||
return -1;
|
return -1;
|
||||||
con->error = 1;
|
con->error = 1;
|
||||||
@ -763,7 +767,7 @@ static client_slurp_result_t process_request_body_queue_one(client_queue_entry_t
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (res != CLIENT_SLURP_SUCCESS) {
|
if (res != CLIENT_SLURP_SUCCESS) {
|
||||||
if (client->con->con_time <= timeout || client->request_body_read >= body_size_limit) {
|
if (client->con->con_time <= timeout || client->request_body_read >= body_size_limit || client->con->error) {
|
||||||
return CLIENT_SLURP_ERROR;
|
return CLIENT_SLURP_ERROR;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1147,7 +1151,7 @@ static void * _handle_connection(client_queue_t *queue)
|
|||||||
httpp_initialize(parser, NULL);
|
httpp_initialize(parser, NULL);
|
||||||
client->parser = parser;
|
client->parser = parser;
|
||||||
}
|
}
|
||||||
if (already_parsed || httpp_parse (parser, client->refbuf->data, node->offset)) {
|
if ((already_parsed || httpp_parse (parser, client->refbuf->data, node->offset)) && !client->con->error) {
|
||||||
client->refbuf->len = 0;
|
client->refbuf->len = 0;
|
||||||
|
|
||||||
/* early check if we need more data */
|
/* early check if we need more data */
|
||||||
@ -1187,7 +1191,7 @@ static void * _handle_connection(client_queue_t *queue)
|
|||||||
client_queue_add(&_handle_queue, node);
|
client_queue_add(&_handle_queue, node);
|
||||||
} else {
|
} else {
|
||||||
free_client_node(node);
|
free_client_node(node);
|
||||||
ICECAST_LOG_ERROR("HTTP request parsing failed");
|
ICECAST_LOG_ERROR("HTTP request parsing failed (client=%p)", client);
|
||||||
client_destroy (client);
|
client_destroy (client);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
|||||||
26
src/tls.c
26
src/tls.c
@ -52,6 +52,7 @@ struct tls_tag {
|
|||||||
size_t refc;
|
size_t refc;
|
||||||
SSL *ssl;
|
SSL *ssl;
|
||||||
tls_ctx_t *ctx;
|
tls_ctx_t *ctx;
|
||||||
|
bool error;
|
||||||
};
|
};
|
||||||
|
|
||||||
void tls_initialize(void)
|
void tls_initialize(void)
|
||||||
@ -241,10 +242,22 @@ int tls_got_shutdown(tls_t *tls)
|
|||||||
|
|
||||||
ssize_t tls_read(tls_t *tls, void *buffer, size_t len)
|
ssize_t tls_read(tls_t *tls, void *buffer, size_t len)
|
||||||
{
|
{
|
||||||
|
int ret;
|
||||||
|
|
||||||
if (!tls)
|
if (!tls)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
return SSL_read(tls->ssl, buffer, len);
|
ret = SSL_read(tls->ssl, buffer, len);
|
||||||
|
ICECAST_LOG_DDEBUG("Read on TLS (tls=%o, ret=%i)", tls, ret);
|
||||||
|
|
||||||
|
if (ret <= 0 && !tls->error) {
|
||||||
|
int error = SSL_get_error(tls->ssl, ret);
|
||||||
|
ICECAST_LOG_DEBUG("Zero read on TLS (tls=%p, ret=%i, error=%i)", tls, ret, error);
|
||||||
|
if (error == SSL_ERROR_SYSCALL || error == SSL_ERROR_SSL)
|
||||||
|
tls->error = true;
|
||||||
|
}
|
||||||
|
|
||||||
|
return ret;
|
||||||
}
|
}
|
||||||
ssize_t tls_write(tls_t *tls, const void *buffer, size_t len)
|
ssize_t tls_write(tls_t *tls, const void *buffer, size_t len)
|
||||||
{
|
{
|
||||||
@ -269,6 +282,13 @@ ssize_t tls_write(tls_t *tls, const void *buffer, size_t len)
|
|||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
bool tls_error(tls_t *tls) {
|
||||||
|
if (!tls)
|
||||||
|
return true;
|
||||||
|
|
||||||
|
return tls->error;
|
||||||
|
}
|
||||||
#else
|
#else
|
||||||
void tls_initialize(void)
|
void tls_initialize(void)
|
||||||
{
|
{
|
||||||
@ -325,4 +345,8 @@ ssize_t tls_write(tls_t *tls, const void *buffer, size_t len)
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
bool tls_error(tls_t *tls) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
@ -9,6 +9,8 @@
|
|||||||
#ifndef __TLS_H__
|
#ifndef __TLS_H__
|
||||||
#define __TLS_H__
|
#define __TLS_H__
|
||||||
|
|
||||||
|
#include <stdbool.h>
|
||||||
|
|
||||||
#include "common/net/sock.h"
|
#include "common/net/sock.h"
|
||||||
|
|
||||||
/* Do we have TLS Support? */
|
/* Do we have TLS Support? */
|
||||||
@ -44,4 +46,6 @@ int tls_got_shutdown(tls_t *tls);
|
|||||||
ssize_t tls_read(tls_t *tls, void *buffer, size_t len);
|
ssize_t tls_read(tls_t *tls, void *buffer, size_t len);
|
||||||
ssize_t tls_write(tls_t *tls, const void *buffer, size_t len);
|
ssize_t tls_write(tls_t *tls, const void *buffer, size_t len);
|
||||||
|
|
||||||
|
bool tls_error(tls_t *tls);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user