mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benjamin Mahler <bmah...@apache.org>
Subject Review Request 50477: Fixed use-after-close bug when using libevent and SSL.
Date Wed, 27 Jul 2016 02:03:22 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/50477/
-----------------------------------------------------------

Review request for mesos, Joris Van Remoortere and Joseph Wu.


Bugs: MESOS-5913
    https://issues.apache.org/jira/browse/MESOS-5913


Repository: mesos


Description
-------

The deferred call to SSL_shutdown within ~LibeventSSLSocketImpl
can occur after the socket fd has been closed by Socket::~Impl.

This can lead to a TLS Alert message being sent on any fd if
it the fd is re-used between the close and the SSL_shutdown!

Thanks to Jan-Philip Gehrcke for reporting the issue.


Diffs
-----

  3rdparty/libprocess/include/process/socket.hpp 881b44b987e5894cac838dae046ab7dbad20b000

  3rdparty/libprocess/src/libevent_ssl_socket.hpp 4d376d8b7c1b29105de69bed2e4077f8c94fed0b

  3rdparty/libprocess/src/libevent_ssl_socket.cpp f4c0b0b97960400b0282837979bf0ed17f56a068


Diff: https://reviews.apache.org/r/50477/diff/


Testing
-------

make check

Ran my repro steps (issue HTTP requests while hammering the master with HTTPS requests). Issue
disappears after this fix.


Thanks,

Benjamin Mahler


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message