[InterNetNews/inn] 8360cb: nnrpd: Discards incoming data after a timeout
Julien ÉLIE
noreply at github.com
Sat Nov 20 22:26:41 UTC 2021
Branch: refs/heads/2.6
Home: https://github.com/InterNetNews/inn
Commit: 8360cb5f3fc9fd9444316e58db5648760cbbcde0
https://github.com/InterNetNews/inn/commit/8360cb5f3fc9fd9444316e58db5648760cbbcde0
Author: Julien ÉLIE <Julien-Elie at users.noreply.github.com>
Date: 2021-11-20 (Sat, 20 Nov 2021)
Changed paths:
M doc/pod/news.pod
M nnrpd/article.c
M nnrpd/line.c
M nnrpd/nnrpd.c
M scripts/innreport_inn.pm
Log Message:
-----------
nnrpd: Discards incoming data after a timeout
When a timeout occurs during a TLS session, nnrpd sent the close_notify
shutdown alert, and then tried to SSL_read() incoming data and act on
these data. It led to inflate() and sasl_decode() errors.
The right behaviour is to discard these data because we do not expect them
from a news client at that stage of the connection.
Also, there is no need in calling SSL_shutdown() twice (a unidirectional
shutdown is allowed per OpenSSL documentation), so don't call it and just
discard the data.
After SSL_ERROR_ZERO_RETURN, SSL_shutdown() should be called, but never
after SSL_ERROR_SYSCALL or SSL_ERROR_SSL.
Finally, this commit also teaches innreport not to report "can't read"
errors as unknown log lines. When that error occurs, another log line is
usually present with the related error.
More information about the inn-committers
mailing list