[brpc] branch master updated: fix core when enable SSL (#2180)

Sat, 24 Jun 2023 23:29:17 -0700 

This is an automated email from the ASF dual-hosted git repository.

wwbmmm pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/brpc.git


The following commit(s) were added to refs/heads/master by this push:
     new b4fecace fix core when enable SSL (#2180)
b4fecace is described below

commit b4fecace384951638e0d092629e7ac922e9b609d
Author: warriorpaw <[email protected]>
AuthorDate: Sun Jun 25 14:29:06 2023 +0800

    fix core when enable SSL (#2180)
---
 src/brpc/socket.cpp | 15 ++++++++++++---
 src/brpc/socket.h   |  3 +++
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/src/brpc/socket.cpp b/src/brpc/socket.cpp
index 259e09ca..e0a69422 100644
--- a/src/brpc/socket.cpp
+++ b/src/brpc/socket.cpp
@@ -1569,6 +1569,7 @@ X509* Socket::GetPeerCertificate() const {
     if (ssl_state() != SSL_CONNECTED) {
         return NULL;
     }
+    BAIDU_SCOPED_LOCK(_ssl_session_mutex);
     return SSL_get_peer_certificate(_ssl_session);
 }
 
@@ -1879,11 +1880,15 @@ ssize_t Socket::DoWrite(WriteRequest* req) {
     CHECK_EQ(SSL_CONNECTED, ssl_state());
     if (_conn) {
         // TODO: Separate SSL stuff from SocketConnection
+        BAIDU_SCOPED_LOCK(_ssl_session_mutex);
         return _conn->CutMessageIntoSSLChannel(_ssl_session, data_list, ndata);
     }
     int ssl_error = 0;
-    ssize_t nw = butil::IOBuf::cut_multiple_into_SSL_channel(
-        _ssl_session, data_list, ndata, &ssl_error);
+    ssize_t nw = 0;
+    {
+        BAIDU_SCOPED_LOCK(_ssl_session_mutex);
+        nw = butil::IOBuf::cut_multiple_into_SSL_channel(_ssl_session, 
data_list, ndata, &ssl_error);
+    }
     switch (ssl_error) {
     case SSL_ERROR_NONE:
         break;
@@ -2027,7 +2032,11 @@ ssize_t Socket::DoRead(size_t size_hint) {
 
     CHECK_EQ(SSL_CONNECTED, ssl_state());
     int ssl_error = 0;
-    ssize_t nr = _read_buf.append_from_SSL_channel(_ssl_session, &ssl_error, 
size_hint);
+    ssize_t nr = 0;
+    {
+        BAIDU_SCOPED_LOCK(_ssl_session_mutex);
+        nr = _read_buf.append_from_SSL_channel(_ssl_session, &ssl_error, 
size_hint);
+    }
     switch (ssl_error) {
     case SSL_ERROR_NONE:  // `nr' > 0
         break;
diff --git a/src/brpc/socket.h b/src/brpc/socket.h
index cc77168f..bd753f60 100644
--- a/src/brpc/socket.h
+++ b/src/brpc/socket.h
@@ -827,6 +827,9 @@ private:
     AuthContext* _auth_context;
 
     SSLState _ssl_state;
+    // SSL objects cannot be read and written at the same time.
+    // Use mutex to protect SSL objects when ssl_state is SSL_CONNECTED.
+    mutable butil::Mutex _ssl_session_mutex;
     SSL* _ssl_session;               // owner
     std::shared_ptr<SocketSSLContext> _ssl_ctx;
 


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to