INN commit: branches/2.4 (innd/Makefile nnrpd/line.c)

Mon May 19 17:14:15 UTC 2008

Date: Monday, May 19, 2008 @ 10:14:15
  Author: iulius
Revision: 7837

Implementation of the "alarm signal" around SSL_read so that to prevent
dead connections from leading nnrpd processes to wait forever in
SSL_read().
"clienttimeout" now also works on SSL connections.

Thanks to Matija Nalis for the patch.

Modified:
  branches/2.4/innd/Makefile
  branches/2.4/nnrpd/line.c

---------------+
 innd/Makefile |   10 +++++-----
 nnrpd/line.c  |   30 ++++++++++++++++++++++++++----
 2 files changed, 31 insertions(+), 9 deletions(-)

Modified: innd/Makefile
===================================================================

--- innd/Makefile	2008-05-19 17:13:10 UTC (rev 7836)
+++ innd/Makefile	2008-05-19 17:14:15 UTC (rev 7837)
@@ -198,11 +198,11 @@
 rc.o: rc.c ../include/config.h ../include/inn/defines.h \
   ../include/inn/system.h ../include/clibrary.h ../include/config.h \
   ../include/portable/socket.h ../include/config.h \
-  ../include/inn/innconf.h ../include/inn/defines.h innd.h \
-  ../include/portable/time.h ../include/inn/buffer.h \
-  ../include/inn/history.h ../include/inn/messages.h \
-  ../include/inn/timer.h ../include/libinn.h ../include/nntp.h \
-  ../include/paths.h ../include/storage.h
+  ../include/inn/innconf.h ../include/inn/defines.h \
+  ../include/inn/vector.h innd.h ../include/portable/time.h \
+  ../include/inn/buffer.h ../include/inn/history.h \
+  ../include/inn/messages.h ../include/inn/timer.h ../include/libinn.h \
+  ../include/nntp.h ../include/paths.h ../include/storage.h
 site.o: site.c ../include/config.h ../include/inn/defines.h \
   ../include/inn/system.h ../include/clibrary.h ../include/config.h \
   ../include/inn/innconf.h ../include/inn/defines.h innd.h \

Modified: nnrpd/line.c
===================================================================
--- nnrpd/line.c	2008-05-19 17:13:10 UTC (rev 7836)
+++ nnrpd/line.c	2008-05-19 17:14:15 UTC (rev 7837)
@@ -23,6 +23,7 @@
 
 #ifdef HAVE_SSL
 #include <openssl/ssl.h>
+#include <signal.h>
 extern SSL *tls_conn;
 #endif
 
@@ -40,7 +41,20 @@
     }
 }
 
+#ifdef HAVE_SSL
 /*
+**  Alarm signal handler for client timeout.
+*/
+static void
+alarmHandler(int s)
+{
+    SSL_shutdown(tls_conn);
+    tls_conn = NULL;
+    errno = ECONNRESET;
+}
+#endif
+  
+/*
 **  initialise a new line structure
 */
 void
@@ -53,15 +67,21 @@
 }
 
 static ssize_t
-line_doread(void *p, size_t len)
+line_doread(void *p, size_t len, int timeout)
 {
     ssize_t n;
 
 #ifdef HAVE_SSL
     if (tls_conn) {
 	int err;
+        xsignal(SIGALRM, alarmHandler);
 	do {
-	    n = SSL_read(tls_conn, p, len);
+            alarm(timeout);
+            n = SSL_read(tls_conn, p, len);
+            alarm(0);
+            if (tls_conn == NULL) {
+                break;
+        }
 	    err = SSL_get_error(tls_conn, n);
 	    switch (err) {
 	    case SSL_ERROR_SYSCALL:
@@ -74,6 +94,7 @@
 		break;
 	    }
 	} while (err == SSL_ERROR_WANT_READ);
+        xsignal(SIGALRM, SIG_DFL);
     } else {
 #endif
 	do {
@@ -185,8 +206,9 @@
 #ifdef HAVE_SSL
             }
 #endif
-	    count = line_doread(where,
-				line->allocated - (where - line->start));
+            count = line_doread(where,
+                                line->allocated - (where - line->start), 
+                                timeout);
 
 	    /* give timeout for read errors */
 	    if (count < 0) {

