INN commit: trunk (CONTRIBUTORS nnrpd/line.c)

INN Commit Russ_Allbery at isc.org
Mon May 19 17:13:10 UTC 2008


    Date: Monday, May 19, 2008 @ 10:13:10
  Author: iulius
Revision: 7836

Implementation of the "alarm signal" around SSL_read to prevent
dead connections from making nnrpd processes wait forever in
SSL_read().
"clienttimeout" now also works on SSL connections.

Thanks to Matija Nalis for the patch.

Modified:
  trunk/CONTRIBUTORS
  trunk/nnrpd/line.c

--------------+
 CONTRIBUTORS |    3 ++-
 nnrpd/line.c |   30 ++++++++++++++++++++++++++----
 2 files changed, 28 insertions(+), 5 deletions(-)

Modified: CONTRIBUTORS
===================================================================
--- CONTRIBUTORS	2008-05-19 17:10:51 UTC (rev 7835)
+++ CONTRIBUTORS	2008-05-19 17:13:10 UTC (rev 7836)
@@ -266,4 +266,5 @@
 Chris Caputo, Thomas Parleman, Adam J. Richter, Jim Dutton, Julien Elie,
 Ray Miller, Andreas M. Kirchwitz, Andrey Yakovlev, Christoph Biedl,
 Kai Gallasch, Ollivier Robert, Ivan Shmakov, Kachun Lee, Kirill Berezin,
-D. Stussy, Alan Schwartz, Shalon Wood, Nick Couchman, Jakub Bogusz
+D. Stussy, Alan Schwartz, Shalon Wood, Nick Couchman, Jakub Bogusz,
+J. Thomas Halliley, Matija Nalis

Modified: nnrpd/line.c
===================================================================
--- nnrpd/line.c	2008-05-19 17:10:51 UTC (rev 7835)
+++ nnrpd/line.c	2008-05-19 17:13:10 UTC (rev 7836)
@@ -20,6 +20,7 @@
 
 #include "inn/messages.h"
 #include "nnrpd.h"
+#include <signal.h>
 #include "tls.h"
 
 #ifdef HAVE_SSL
@@ -40,7 +41,20 @@
     }
 }
 
+#ifdef HAVE_SSL
 /*
+**  Alarm signal handler for client timeout.
+*/
+static void
+alarmHandler(int s UNUSED)
+{
+    SSL_shutdown(tls_conn);
+    tls_conn = NULL;
+    errno = ECONNRESET;
+}
+#endif
+  
+/*
 **  initialise a new line structure
 */
 void
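Review bot: alarmHandler calls SSL_shutdown() from signal context, which is not async-signal-safe. SIGALRM is delivered while SSL_read() is running on the same tls_conn, so the handler re-enters OpenSSL on an object that is mid-operation, and it may itself try to write a close_notify to the dead peer. A safer shape keeps the handler to `timed_out = 1;` on a `static volatile sig_atomic_t timed_out;` and lets line_doread do the shutdown and clear tls_conn after SSL_read() returns. That relies on the blocked read failing with EINTR, so the handler would have to be installed without system-call restart; whether xsignal restarts calls is not visible on this page. The hunk ends inside the header of the next function.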
@@ -53,7 +67,7 @@
 }
 
 static ssize_t
-line_doread(void *p, size_t len)
+line_doread(void *p, size_t len, int timeout)
 {
     ssize_t n;
 
@@ -61,8 +75,14 @@
 #ifdef HAVE_SSL
 	if (tls_conn) {
 	    int err;
+            xsignal(SIGALRM, alarmHandler);
 	    do {
-		n = SSL_read(tls_conn, p, len);
+                alarm(timeout);
+                n = SSL_read(tls_conn, p, len);
+                alarm(0);
+                if (tls_conn == NULL) {
+                    break;
+                }
 		err = SSL_get_error(tls_conn, n);
 		switch (err) {
 		case SSL_ERROR_SYSCALL:
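Review bot: On the timeout path (`tls_conn == NULL`, then `break`) the loop exits with `n` holding whatever SSL_read() returned and errno as the interrupted call left it, so the ECONNRESET stored by the handler may already be overwritten, for example by EINTR. Setting the result explicitly in that branch makes the timeout deterministic: `n = -1; errno = ECONNRESET; break;`. Clearing tls_conn also means a later call would take the non-TLS `else` branch and read the socket directly, so callers must treat this return as fatal for the connection; whether they do is outside this hunk. Note too that `alarm(timeout)` with a timeout of 0 arms nothing, so SSL_read() can still block indefinitely in that case. The switch body and the rest of line_doread continue outside the hunk.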
@@ -75,6 +95,7 @@
 		    break;
 		}
 	    } while (err == SSL_ERROR_WANT_READ);
+            xsignal (SIGALRM, SIG_DFL);
 	} else
 #endif /* HAVE_SSL */
 	    do {
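Review bot: Resetting SIGALRM to SIG_DFL at the end of the TLS branch discards whatever disposition was in place before line_doread ran, and the default action for SIGALRM terminates the process. If any other part of nnrpd installs a SIGALRM handler or arms an alarm (not visible here), it is silently replaced. Saving and restoring the previous handler is safer, e.g. `old = xsignal(SIGALRM, alarmHandler);` and later `xsignal(SIGALRM, old);`, assuming xsignal returns the previous handler as signal() does. As a style point, this call is written `xsignal (` while the install above uses `xsignal(`, and the added lines are space-indented in a tab-indented function.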
@@ -206,8 +227,9 @@
 #ifdef HAVE_SSL
             }
 #endif
-	    count = line_doread(where,
-				line->allocated - (where - line->start));
+            count = line_doread(where,
+                                line->allocated - (where - line->start), 
+                                timeout);
 
 	    /* give timeout for read errors */
 	    if (count < 0) {


