authorDaniel Stenberg <daniel@haxx.se>2021-06-17 10:24:41 +0200
committerDaniel Stenberg <daniel@haxx.se>2021-06-17 17:06:21 +0200
commit720b4a1a437759cb31b8283299e2e5e4289757e7 (patch)
tree77152a109ddeda65d1c49e9c0224a98a8a68181f /lib/vtls
parent80e1054fe5179c55104446a979369cdb3aceafc6 (diff)
downloadcurl-720b4a1a437759cb31b8283299e2e5e4289757e7.tar.gz
TLS: prevent shutdown loops to get stuck
... by making sure the loops are only allowed to read the shutdown traffic a limited number of times. Reported-by: Harry Sintonen Closes #7271
Diffstat (limited to 'lib/vtls')
-rw-r--r--lib/vtls/gskit.c3
-rw-r--r--lib/vtls/openssl.c3
-rw-r--r--lib/vtls/sectransp.c3
3 files changed, 6 insertions, 3 deletions
diff --git a/lib/vtls/gskit.c b/lib/vtls/gskit.c
index ca953769d..281bb52bb 100644
--- a/lib/vtls/gskit.c
+++ b/lib/vtls/gskit.c
@@ -1192,6 +1192,7 @@ static int gskit_shutdown(struct Curl_easy *data,
int what;
int rc;
char buf[120];
+ int loop = 10; /* don't get stuck */
if(!BACKEND->handle)
return 0;
@@ -1206,7 +1207,7 @@ static int gskit_shutdown(struct Curl_easy *data,
what = SOCKET_READABLE(conn->sock[sockindex],
SSL_SHUTDOWN_TIMEOUT);
- for(;;) {
+ while(loop--) {
ssize_t nread;
if(what < 0) {
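Review bot: The bound introduced at `while(loop--)` is the bare literal 10 from `int loop = 10;` a few lines earlier, and the same literal is repeated in openssl.c and sectransp.c, so the three backends can drift apart the next time the value is tuned. Since each pass presumably re-polls with SSL_SHUTDOWN_TIMEOUT (the openssl.c hunk does so at the top of its loop; here the call is visible only before the loop), the effective worst-case shutdown wait is 10 × SSL_SHUTDOWN_TIMEOUT, which deserves a single named definition next to SSL_SHUTDOWN_TIMEOUT, e.g. a constructed `SSL_SHUTDOWN_MAX_LOOPS`, rather than three copies. When the counter runs out the loop simply ends, so a peer that keeps sending after close_notify looks identical to a clean shutdown in verbose output; an `infof(data, "SSL shutdown: giving up after %d reads", 10);` after the loop would make the abandoned shutdown observable. gskit_shutdown continues outside the hunk, so what the function returns once the bound is exhausted cannot be checked here.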
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 9ce6f6835..e4aa26ac1 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -1448,6 +1448,7 @@ static int ossl_shutdown(struct Curl_easy *data,
int err;
bool done = FALSE;
struct ssl_backend_data *backend = connssl->backend;
+ int loop = 10;
#ifndef CURL_DISABLE_FTP
/* This has only been tested on the proftpd server, and the mod_tls code
@@ -1461,7 +1462,7 @@ static int ossl_shutdown(struct Curl_easy *data,
if(backend->handle) {
buffsize = (int)sizeof(buf);
- while(!done) {
+ while(!done && loop--) {
int what = SOCKET_READABLE(conn->sock[sockindex],
SSL_SHUTDOWN_TIMEOUT);
if(what > 0) {
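Review bot: `int loop = 10;` in ossl_shutdown carries no comment, unlike the matching declarations in gskit.c and sectransp.c which both state the purpose in-line, so a reader of this file alone sees an unnamed count with no hint that it exists to cap the close_notify read loop. Suggest `int loop = 10; /* cap the shutdown read loop so we never wait on a peer indefinitely */`. The new `while(!done && loop--)` condition short-circuits, so the counter is decremented only on passes where done is still FALSE; that is the intended behaviour but is worth a word in the same comment. ossl_shutdown starts and ends outside the hunk.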
diff --git a/lib/vtls/sectransp.c b/lib/vtls/sectransp.c
index edd375ea7..451b6cdb6 100644
--- a/lib/vtls/sectransp.c
+++ b/lib/vtls/sectransp.c
@@ -3148,6 +3148,7 @@ static int sectransp_shutdown(struct Curl_easy *data,
int what;
int rc;
char buf[120];
+ int loop = 10; /* avoid getting stuck */
if(!backend->ssl_ctx)
return 0;
@@ -3163,7 +3164,7 @@ static int sectransp_shutdown(struct Curl_easy *data,
what = SOCKET_READABLE(conn->sock[sockindex], SSL_SHUTDOWN_TIMEOUT);
- for(;;) {
+ while(loop--) {
if(what < 0) {
/* anything that gets here is fatally bad */
failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);