diff options
| author | Shane Kearns <ext-shane.2.kearns@nokia.com> | 2012-01-30 15:52:27 +0000 |
|---|---|---|
| committer | Pasi Pentikäinen <ext-pasi.a.pentikainen@nokia.com> | 2012-02-02 14:32:26 +0100 |
| commit | 24fa03682480911288adacd94c2f0beef2f8dcb8 (patch) | |
| tree | 0482ecff2c041cd46f31ca6fb29b83a015a7aad5 | |
| parent | 418cb740d29ca9c415ddac39f5e5d5e5ab21aeeb (diff) | |
| download | qt4-tools-24fa03682480911288adacd94c2f0beef2f8dcb8.tar.gz | |
Prevent data loss when an ssl socket is closed by remote
SSL context was destroyed on disconnect. This makes it impossible to
decrypt buffered encrypted data. So if there is encrypted data in the
receive buffers, then don't destroy the ssl context until the socket is
destroyed.
Task-Number: QTBUG-23607
Change-Id: I16a7b4fa006647ec73049c90cdbc72686696850f
Reviewed-by: Jonas Gastal <jgastal@profusion.mobi>
Reviewed-by: Richard J. Moore <rich@kde.org>
(cherry picked from commit c5aba0ac17ae6ed8f3847bd30325acdbd1ecaa80)
Reviewed-by: Pasi Pentikäinen <ext-pasi.a.pentikainen@nokia.com>
| -rw-r--r-- | src/network/ssl/qsslsocket_openssl.cpp | 34 | ||||
| -rw-r--r-- | src/network/ssl/qsslsocket_openssl_p.h | 1 |
2 files changed, 22 insertions, 13 deletions
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index 900bfdb2e9..4743cbbe39 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -183,6 +183,7 @@ QSslSocketBackendPrivate::QSslSocketBackendPrivate() QSslSocketBackendPrivate::~QSslSocketBackendPrivate() { + destroySslContext(); } QSslCipher QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(SSL_CIPHER *cipher) @@ -487,6 +488,22 @@ init_context: return true; } +void QSslSocketBackendPrivate::destroySslContext() +{ + if (ssl) { + q_SSL_free(ssl); + ssl = 0; + } + if (ctx) { + q_SSL_CTX_free(ctx); + ctx = 0; + } + if (pkey) { + q_EVP_PKEY_free(pkey); + pkey = 0; + } +} + /*! \internal */ @@ -1407,19 +1424,10 @@ void QSslSocketBackendPrivate::disconnectFromHost() void QSslSocketBackendPrivate::disconnected() { - if (ssl) { - q_SSL_free(ssl); - ssl = 0; - } - if (ctx) { - q_SSL_CTX_free(ctx); - ctx = 0; - } - if (pkey) { - q_EVP_PKEY_free(pkey); - pkey = 0; - } - + if (plainSocket->bytesAvailable() <= 0) + destroySslContext(); + //if there is still buffered data in the plain socket, don't destroy the ssl context yet. + //it will be destroyed when the socket is deleted. } QSslCipher QSslSocketBackendPrivate::sessionCipher() const diff --git a/src/network/ssl/qsslsocket_openssl_p.h b/src/network/ssl/qsslsocket_openssl_p.h index 7e489a4eff..98afffd9e0 100644 --- a/src/network/ssl/qsslsocket_openssl_p.h +++ b/src/network/ssl/qsslsocket_openssl_p.h @@ -99,6 +99,7 @@ public: // SSL context bool initSslContext(); + void destroySslContext(); SSL *ssl; SSL_CTX *ctx; EVP_PKEY *pkey; |