summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--ChangeLog2
-rw-r--r--runtime/nsd_gtls.c6
-rw-r--r--runtime/nsdsel_gtls.c4
-rw-r--r--tcps_sess.c14
4 files changed, 13 insertions, 13 deletions
diff --git a/ChangeLog b/ChangeLog
index 905c2594..f84f3146 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,8 @@ Version 3.19.3 (rgerhards), 2008-05-??
runtime library, resulting in a large size increase (and potential
"interesting" effects). Thanks to Michael Biebel for reporting the size
issue.
+- bugfix: TLS server went into an endless loop in some situations.
+ Thanks to Michael Biebl for reporting the problem.
---------------------------------------------------------------------------
Version 3.19.2 (rgerhards), 2008-05-14
- fixed potential segfault due to invalid call to cfsysline
diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c
index 03ceba7b..be3910f9 100644
--- a/runtime/nsd_gtls.c
+++ b/runtime/nsd_gtls.c
@@ -534,6 +534,12 @@ Rcv(nsd_t *pNsd, uchar *pBuf, ssize_t *pLenBuf)
/* in TLS mode now */
lenRcvd = gnutls_record_recv(pThis->sess, pBuf, *pLenBuf);
+ if(lenRcvd < 0) {
+int gnuRet; /* this is a hack */
+ *pLenBuf = -1;
+ CHKgnutls(lenRcvd); /* this will abort the function */
+ }
+
*pLenBuf = lenRcvd;
finalize_it:
diff --git a/runtime/nsdsel_gtls.c b/runtime/nsdsel_gtls.c
index 1ee4b46c..24c074f6 100644
--- a/runtime/nsdsel_gtls.c
+++ b/runtime/nsdsel_gtls.c
@@ -141,6 +141,10 @@ doRetry(nsd_gtls_t *pNsd)
if(gnuRet == 0) {
pNsd->rtryCall = gtlsRtry_None; /* we are done */
} else if(gnuRet != GNUTLS_E_AGAIN && gnuRet != GNUTLS_E_INTERRUPTED) {
+ uchar *pErr = gtlsStrerror(gnuRet);
+ dbgprintf("unexpected GnuTLS error %d in %s:%d: %s\n", gnuRet, __FILE__, __LINE__, pErr);
+ free(pErr);
+ pNsd->rtryCall = gtlsRtry_None; /* we are also done... ;) */
ABORT_FINALIZE(RS_RET_GNUTLS_ERR);
}
/* if we are interrupted once again (else case), we do not need to
diff --git a/tcps_sess.c b/tcps_sess.c
index 0460ebe5..1a57c8cb 100644
--- a/tcps_sess.c
+++ b/tcps_sess.c
@@ -341,19 +341,7 @@ DataRcvd(tcps_sess_t *pThis, char *pData, size_t iLen)
assert(pData != NULL);
assert(iLen > 0);
- /* We now copy the message to the session buffer. As
- * it looks, we need to do this in any case because
- * we might run into multiple messages inside a single
- * buffer. Of course, we could think about optimizations,
- * but as this code is to be replaced by liblogging, it
- * probably doesn't make so much sense...
- * rgerhards 2005-07-04
- *
- * Algo:
- * - copy message to buffer until the first LF is found
- * - printline() the buffer
- * - continue with copying
- */
+ /* We now copy the message to the session buffer. */
pEnd = pData + iLen; /* this is one off, which is intensional */
while(pData < pEnd) {