authorRainer Gerhards <rgerhards@adiscon.com>2008-05-15 07:58:01 +0200
committerRainer Gerhards <rgerhards@adiscon.com>2008-05-15 07:58:01 +0200
commitd8b191a1f37ca3f5331afa25480d49612335b674 (patch)
treed6a2aa67963db6b3403c577b852ac1f075f49436
parentce0569ec3ecb2116fb41006ca57498eccf1de43c (diff)
bugfix: TLS server went into an endless loop in some situations.
Thanks to Michael Biebl for reporting the problem.
-rw-r--r--ChangeLog2
-rw-r--r--runtime/nsd_gtls.c6
-rw-r--r--runtime/nsdsel_gtls.c4
-rw-r--r--tcps_sess.c14
4 files changed, 13 insertions, 13 deletions
diff --git a/ChangeLog b/ChangeLog
index 905c2594..f84f3146 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,8 @@ Version 3.19.3 (rgerhards), 2008-05-??
runtime library, resulting in a large size increase (and potential
"interesting" effects). Thanks to Michael Biebel for reporting the size
issue.
+- bugfix: TLS server went into an endless loop in some situations.
+ Thanks to Michael Biebl for reporting the problem.
---------------------------------------------------------------------------
Version 3.19.2 (rgerhards), 2008-05-14
- fixed potential segfault due to invalid call to cfsysline
diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c
index 03ceba7b..be3910f9 100644
--- a/runtime/nsd_gtls.c
+++ b/runtime/nsd_gtls.c
@@ -534,6 +534,12 @@ Rcv(nsd_t *pNsd, uchar *pBuf, ssize_t *pLenBuf)
/* in TLS mode now */
lenRcvd = gnutls_record_recv(pThis->sess, pBuf, *pLenBuf);
+ if(lenRcvd < 0) {
+int gnuRet; /* this is a hack */
+ *pLenBuf = -1;
+ CHKgnutls(lenRcvd); /* this will abort the function */
+ }
+
*pLenBuf = lenRcvd;
finalize_it:
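Review bot: The new `if(lenRcvd < 0)` branch treats every negative return from gnutls_record_recv() as fatal, including GNUTLS_E_AGAIN and GNUTLS_E_INTERRUPTED, which doRetry() in nsdsel_gtls.c handles as retryable. If Rcv() can be reached on a non-blocking or signal-interrupted socket, a transient condition would abort the receive and presumably end the peer's session. Consider filtering those two codes before `CHKgnutls(lenRcvd);`, or add a comment stating why they cannot occur on this path. The bare `int gnuRet; /* this is a hack */` would also read better as `int gnuRet; /* CHKgnutls() stores its result in gnuRet, which Rcv() does not otherwise declare */`, assuming that is what the macro does, since its definition is not visible here. Rcv() starts and ends outside the hunk.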
diff --git a/runtime/nsdsel_gtls.c b/runtime/nsdsel_gtls.c
index 1ee4b46c..24c074f6 100644
--- a/runtime/nsdsel_gtls.c
+++ b/runtime/nsdsel_gtls.c
@@ -141,6 +141,10 @@ doRetry(nsd_gtls_t *pNsd)
if(gnuRet == 0) {
pNsd->rtryCall = gtlsRtry_None; /* we are done */
} else if(gnuRet != GNUTLS_E_AGAIN && gnuRet != GNUTLS_E_INTERRUPTED) {
+ uchar *pErr = gtlsStrerror(gnuRet);
+ dbgprintf("unexpected GnuTLS error %d in %s:%d: %s\n", gnuRet, __FILE__, __LINE__, pErr);
+ free(pErr);
+ pNsd->rtryCall = gtlsRtry_None; /* we are also done... ;) */
ABORT_FINALIZE(RS_RET_GNUTLS_ERR);
}
/* if we are interrupted once again (else case), we do not need to
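Review bot: On the fatal branch the GnuTLS failure is reported only through dbgprintf(), so a failed retry leaves no trace unless debug output is enabled. TLS failures on a log receiver are worth writing to the regular error log as well, because repeated failures from one peer are something an operator needs to see. Separately, `pErr` is handed to `%s` unchecked; if gtlsStrerror() can return NULL (its definition is not in this hunk), guard the call, e.g. `if(pErr != NULL) { dbgprintf(...); free(pErr); }`. doRetry() begins and ends outside the hunk.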
diff --git a/tcps_sess.c b/tcps_sess.c
index 0460ebe5..1a57c8cb 100644
--- a/tcps_sess.c
+++ b/tcps_sess.c
@@ -341,19 +341,7 @@ DataRcvd(tcps_sess_t *pThis, char *pData, size_t iLen)
assert(pData != NULL);
assert(iLen > 0);
- /* We now copy the message to the session buffer. As
- * it looks, we need to do this in any case because
- * we might run into multiple messages inside a single
- * buffer. Of course, we could think about optimizations,
- * but as this code is to be replaced by liblogging, it
- * probably doesn't make so much sense...
- * rgerhards 2005-07-04
- *
- * Algo:
- * - copy message to buffer until the first LF is found
- * - printline() the buffer
- * - continue with copying
- */
+ /* We now copy the message to the session buffer. */
pEnd = pData + iLen; /* this is one off, which is intensional */
while(pData < pEnd) {