authorRainer Gerhards <rgerhards@adiscon.com>2008-05-15 07:58:01 +0200
committerRainer Gerhards <rgerhards@adiscon.com>2008-05-15 07:58:01 +0200
commitd8b191a1f37ca3f5331afa25480d49612335b674 (patch)
treed6a2aa67963db6b3403c577b852ac1f075f49436 /runtime
parentce0569ec3ecb2116fb41006ca57498eccf1de43c (diff)
bugfix: TLS server went into an endless loop in some situations.
Thanks to Michael Biebl for reporting the problem.
Diffstat (limited to 'runtime')
-rw-r--r--runtime/nsd_gtls.c6
-rw-r--r--runtime/nsdsel_gtls.c4
2 files changed, 10 insertions, 0 deletions
diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c
index 03ceba7b..be3910f9 100644
--- a/runtime/nsd_gtls.c
+++ b/runtime/nsd_gtls.c
@@ -534,6 +534,12 @@ Rcv(nsd_t *pNsd, uchar *pBuf, ssize_t *pLenBuf)
/* in TLS mode now */
lenRcvd = gnutls_record_recv(pThis->sess, pBuf, *pLenBuf);
+ if(lenRcvd < 0) {
+int gnuRet; /* this is a hack */
+ *pLenBuf = -1;
+ CHKgnutls(lenRcvd); /* this will abort the function */
+ }
+
*pLenBuf = lenRcvd;
finalize_it:
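Review bot: The added `if(lenRcvd < 0)` branch in Rcv() treats every negative return from gnutls_record_recv() as fatal, including GNUTLS_E_AGAIN and GNUTLS_E_INTERRUPTED, which doRetry() in nsdsel_gtls.c (same commit) handles as retryable. If this session can be non-blocking, a transient condition would tear down the TLS connection, so consider returning a distinct retry status for those two codes before reaching `CHKgnutls(lenRcvd);`. Separately, `/* this is a hack */` does not say what the hack is; assuming CHKgnutls assigns to a local named gnuRet, a comment such as `/* CHKgnutls() needs a local named gnuRet; Rcv() declares none */` would explain it. Rcv()'s body starts and ends outside this hunk, so the surrounding handling is not visible here.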
diff --git a/runtime/nsdsel_gtls.c b/runtime/nsdsel_gtls.c
index 1ee4b46c..24c074f6 100644
--- a/runtime/nsdsel_gtls.c
+++ b/runtime/nsdsel_gtls.c
@@ -141,6 +141,10 @@ doRetry(nsd_gtls_t *pNsd)
if(gnuRet == 0) {
pNsd->rtryCall = gtlsRtry_None; /* we are done */
} else if(gnuRet != GNUTLS_E_AGAIN && gnuRet != GNUTLS_E_INTERRUPTED) {
+ uchar *pErr = gtlsStrerror(gnuRet);
+ dbgprintf("unexpected GnuTLS error %d in %s:%d: %s\n", gnuRet, __FILE__, __LINE__, pErr);
+ free(pErr);
+ pNsd->rtryCall = gtlsRtry_None; /* we are also done... ;) */
ABORT_FINALIZE(RS_RET_GNUTLS_ERR);
}
/* if we are interrupted once again (else case), we do not need to
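Review bot: The new error path in doRetry() reports the GnuTLS failure only through `dbgprintf`, so (assuming that is debug-only output) a session aborted with RS_RET_GNUTLS_ERR leaves no trace in the normal log for an operator to investigate; it is worth also reporting it through the regular error-logging path. The result of `gtlsStrerror(gnuRet)` is passed to `%s` without a NULL check; since it is freed afterwards it is presumably heap-allocated and could be NULL, so a guard such as `pErr ? (char*)pErr : "(unknown)"` in the argument list would be safer. doRetry()'s body starts and ends outside the hunk.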