base: Reject new sync ops when handshake is in progress

Port of 206c6b252becd613da6ecf8d18d2446bd57091b2

1 files changed, 16 insertions, 3 deletions

diff --git a/tls/base/gtlsconnection-base.c b/tls/base/gtlsconnection-base.c
index 60a1d84..e2bf206 100644
--- a/tls/base/gtlsconnection-base.c
+++ b/tls/base/gtlsconnection-base.c
@@ -538,6 +538,22 @@ claim_op (GTlsConnectionBase    *tls,
         }
     }
 
+  if (priv->handshaking &&
+      timeout != 0 &&
+      g_main_context_is_owner (priv->handshake_context))
+    {
+      /* Cannot perform a blocking operation during a handshake on the
+       * same thread that triggered the handshake. The only way this can
+       * occur is if the application is doing something weird in its
+       * accept-certificate callback. Allowing a blocking op would stall
+       * the handshake (forever, if there's no timeout). Even a close
+       * op would deadlock here.
+       */
+      g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED, _("Cannot perform blocking operation during TLS handshake"));
+      g_mutex_unlock (&priv->op_mutex);
+      return FALSE;
+    }
+
   if ((op != G_TLS_CONNECTION_BASE_OP_WRITE && priv->reading) ||
       (op != G_TLS_CONNECTION_BASE_OP_READ && priv->writing) ||
       (op != G_TLS_CONNECTION_BASE_OP_HANDSHAKE && priv->handshaking))
@@ -1344,9 +1360,6 @@ handshake_thread (GTask        *task,
         }
     }
 
-  g_clear_object (&priv->peer_certificate);
-  priv->peer_certificate_errors = 0;
-
   /* Adjust the timeout for the next operation in the sequence. */
   if (timeout > 0)
     {