1
0
mirror of https://gitlab.xiph.org/xiph/icecast-server.git synced 2025-01-03 14:56:34 -05:00

Fix: Corrected how reads from TLS report errors

This commit is contained in:
Philipp Schafft 2024-10-22 12:16:58 +00:00
parent 33a0595d10
commit 0797b2862a
4 changed files with 37 additions and 5 deletions

View File

@ -397,7 +397,7 @@ int client_read_bytes(client_t *client, void *buf, unsigned len)
}
if (bytes == -1 && client->con->error)
ICECAST_LOG_DEBUG("reading from connection has failed");
ICECAST_LOG_DEBUG("reading from connection has failed (client=%p, con=%p)", client, client->con);
fastevent_emit(FASTEVENT_TYPE_CLIENT_READ, FASTEVENT_FLAG_MODIFICATION_ALLOWED, FASTEVENT_DATATYPE_OBRD, client, buf, (size_t)len, (ssize_t)bytes);

View File

@ -407,6 +407,10 @@ static int connection_read_tls(connection_t *con, void *buf, size_t len)
ssize_t bytes = tls_read(con->tls, buf, len);
if (bytes <= 0) {
if (tls_error(con->tls)) {
ICECAST_LOG_DEBUG("Client hit TLS error (con=%p, tls=%p)", con, con->tls);
con->error = 1;
}
if (tls_want_io(con->tls) > 0)
return -1;
con->error = 1;
@ -763,7 +767,7 @@ static client_slurp_result_t process_request_body_queue_one(client_queue_entry_t
}
if (res != CLIENT_SLURP_SUCCESS) {
if (client->con->con_time <= timeout || client->request_body_read >= body_size_limit) {
if (client->con->con_time <= timeout || client->request_body_read >= body_size_limit || client->con->error) {
return CLIENT_SLURP_ERROR;
}
}
@ -1147,7 +1151,7 @@ static void * _handle_connection(client_queue_t *queue)
httpp_initialize(parser, NULL);
client->parser = parser;
}
if (already_parsed || httpp_parse (parser, client->refbuf->data, node->offset)) {
if ((already_parsed || httpp_parse (parser, client->refbuf->data, node->offset)) && !client->con->error) {
client->refbuf->len = 0;
/* early check if we need more data */
@ -1187,7 +1191,7 @@ static void * _handle_connection(client_queue_t *queue)
client_queue_add(&_handle_queue, node);
} else {
free_client_node(node);
ICECAST_LOG_ERROR("HTTP request parsing failed");
ICECAST_LOG_ERROR("HTTP request parsing failed (client=%p)", client);
client_destroy (client);
}
} else {

View File

@ -52,6 +52,7 @@ struct tls_tag {
size_t refc;
SSL *ssl;
tls_ctx_t *ctx;
bool error;
};
void tls_initialize(void)
@ -241,10 +242,22 @@ int tls_got_shutdown(tls_t *tls)
ssize_t tls_read(tls_t *tls, void *buffer, size_t len)
{
int ret;
if (!tls)
return -1;
return SSL_read(tls->ssl, buffer, len);
ret = SSL_read(tls->ssl, buffer, len);
ICECAST_LOG_DDEBUG("Read on TLS (tls=%o, ret=%i)", tls, ret);
if (ret <= 0 && !tls->error) {
int error = SSL_get_error(tls->ssl, ret);
ICECAST_LOG_DEBUG("Zero read on TLS (tls=%p, ret=%i, error=%i)", tls, ret, error);
if (error == SSL_ERROR_SYSCALL || error == SSL_ERROR_SSL)
tls->error = true;
}
return ret;
}
ssize_t tls_write(tls_t *tls, const void *buffer, size_t len)
{
@ -269,6 +282,13 @@ ssize_t tls_write(tls_t *tls, const void *buffer, size_t len)
return ret;
}
bool tls_error(tls_t *tls) {
if (!tls)
return true;
return tls->error;
}
#else
void tls_initialize(void)
{
@ -325,4 +345,8 @@ ssize_t tls_write(tls_t *tls, const void *buffer, size_t len)
return -1;
}
bool tls_error(tls_t *tls) {
return true;
}
#endif

View File

@ -9,6 +9,8 @@
#ifndef __TLS_H__
#define __TLS_H__
#include <stdbool.h>
#include "common/net/sock.h"
/* Do we have TLS Support? */
@ -44,4 +46,6 @@ int tls_got_shutdown(tls_t *tls);
ssize_t tls_read(tls_t *tls, void *buffer, size_t len);
ssize_t tls_write(tls_t *tls, const void *buffer, size_t len);
bool tls_error(tls_t *tls);
#endif