[InterNetNews/inn] e078fd: nnrpd: Discards incoming data after a timeout

Julien ÉLIE noreply at github.com
Fri Nov 19 19:35:14 UTC 2021


  Branch: refs/heads/main
  Home:   https://github.com/InterNetNews/inn
  Commit: e078fd53a4839593d79402e1ca6c672298ef577b
      https://github.com/InterNetNews/inn/commit/e078fd53a4839593d79402e1ca6c672298ef577b
  Author: Julien ÉLIE <Julien-Elie at users.noreply.github.com>
  Date:   2021-11-19 (Fri, 19 Nov 2021)

  Changed paths:
    M doc/pod/news.pod
    M nnrpd/article.c
    M nnrpd/line.c
    M nnrpd/nnrpd.c
    M scripts/innreport_inn.pm

  Log Message:
  -----------
  nnrpd: Discards incoming data after a timeout

When a timeout occurs during a TLS session, nnrpd sent the close_notify
shutdown alert, and then tried to SSL_read() incoming data and act on
these data.  It led to inflate() and sasl_decode() errors.

The right behaviour is to discard these data because we do not expect them
from a news client at that stage of the connection.

Also, there is no need in calling SSL_shutdown() twice (a unidirectional
shutdown is allowed per OpenSSL documentation), so don't call it and just
discard the data.

After SSL_ERROR_ZERO_RETURN, SSL_shutdown() should be called, but never
after SSL_ERROR_SYSCALL or SSL_ERROR_SSL.

Finally, this commit also teaches innreport not to report "can't read"
errors as unknown log lines.  When that error occurs, another log line is
usually present with the related error.




More information about the inn-committers mailing list