Forum: Ruby-core [ruby-trunk - Bug #8240][Assigned] SSLSocket breaks other connections or files on GC

C4e88907313843cf07f6d85ba8162120?d=identicon&s=25 shugo (Shugo Maeda) (Guest)
on 2013-04-09 09:12
(Received via mailing list)
Issue #8240 has been reported by shugo (Shugo Maeda).

----------------------------------------
Bug #8240: SSLSocket breaks other connections or files on GC
https://bugs.ruby-lang.org/issues/8240

Author: shugo (Shugo Maeda)
Status: Assigned
Priority: Urgent
Assignee: MartinBosslet (Martin Bosslet)
Category: ext
Target version: current: 2.1.0
ruby -v: ruby 2.1.0dev (2013-04-08 trunk 40183) [i686-linux]


When an OpenSSL::SSL::SSLSocket is recycled by GC, SSL_shutdown() is
called,
and SSL_shutdown() sends a close-notify alert message.
However at the GC time, the original socket might have already been
closed,
and thus its file descriptor might be reused for another socket or file.

This problem can be reproduced as follows:

  $ cat t.rb
  require "socket"
  require "openssl"

  loop do
    sock = TCPSocket.new("localhost", 443)
    GC.start
    ssl = OpenSSL::SSL::SSLSocket.new(sock)
    ssl.connect
    sock.close
  end
  $ ruby -v t.rb
  ruby 2.1.0dev (2013-04-08 trunk 40183) [i686-linux]
  t.rb:8:in `connect': SSL_connect SYSCALL returned=5 errno=0
state=unknown state (OpenSSL::SSL::SSLError)
    from t.rb:8:in `block in <main>'
    from t.rb:4:in `loop'
    from t.rb:4:in `<main>'

An SSLError is raised because a close-notify alert message is sent to
the server by GC
instead of a client hello message.
If the file descriptor is reused for a file, not a socket, the file
would get broken.
This problem occurs rarely, but its impact is very serious.

IMHO, the free function of a DATA object should not do any task other
than resource release.

Furthermore, SSLSocket#close calls SSL_shutdown(), but the original
socket might have been closed,
in which case SSL_shutdown() (and @io.close) should not be called
either.

The attached patch fixes these problems.
Ec8868bdcfb5926b97c98364d24a0a17?d=identicon&s=25 bpot (Bob Potter) (Guest)
on 2013-04-10 02:26
(Received via mailing list)
Issue #8240 has been updated by bpot (Bob Potter).


Cool! This should also resolve #7584
----------------------------------------
Bug #8240: SSLSocket breaks other connections or files on GC
https://bugs.ruby-lang.org/issues/8240#change-38407

Author: shugo (Shugo Maeda)
Status: Assigned
Priority: Urgent
Assignee: MartinBosslet (Martin Bosslet)
Category: ext
Target version: current: 2.1.0
ruby -v: ruby 2.1.0dev (2013-04-08 trunk 40183) [i686-linux]


When an OpenSSL::SSL::SSLSocket is recycled by GC, SSL_shutdown() is
called,
and SSL_shutdown() sends a close-notify alert message.
However at the GC time, the original socket might have already been
closed,
and thus its file descriptor might be reused for another socket or file.

This problem can be reproduced as follows:

  $ cat t.rb
  require "socket"
  require "openssl"

  loop do
    sock = TCPSocket.new("localhost", 443)
    GC.start
    ssl = OpenSSL::SSL::SSLSocket.new(sock)
    ssl.connect
    sock.close
  end
  $ ruby -v t.rb
  ruby 2.1.0dev (2013-04-08 trunk 40183) [i686-linux]
  t.rb:8:in `connect': SSL_connect SYSCALL returned=5 errno=0
state=unknown state (OpenSSL::SSL::SSLError)
    from t.rb:8:in `block in <main>'
    from t.rb:4:in `loop'
    from t.rb:4:in `<main>'

An SSLError is raised because a close-notify alert message is sent to
the server by GC
instead of a client hello message.
If the file descriptor is reused for a file, not a socket, the file
would get broken.
This problem occurs rarely, but its impact is very serious.

IMHO, the free function of a DATA object should not do any task other
than resource release.

Furthermore, SSLSocket#close calls SSL_shutdown(), but the original
socket might have been closed,
in which case SSL_shutdown() (and @io.close) should not be called
either.

The attached patch fixes these problems.
This topic is locked and can not be replied to.