Project

General

Profile

Actions

Backport #8240

closed

SSLSocket breaks other connections or files on GC

Added by shugo (Shugo Maeda) almost 11 years ago. Updated almost 11 years ago.


Description

When an OpenSSL::SSL::SSLSocket is recycled by GC, SSL_shutdown() is called,
and SSL_shutdown() sends a close-notify alert message.
However at the GC time, the original socket might have already been closed,
and thus its file descriptor might be reused for another socket or file.

This problem can be reproduced as follows:

$ cat t.rb
require "socket"
require "openssl"

loop do
sock = TCPSocket.new("localhost", 443)
GC.start
ssl = OpenSSL::SSL::SSLSocket.new(sock)
ssl.connect
sock.close
end
$ ruby -v t.rb
ruby 2.1.0dev (2013-04-08 trunk 40183) [i686-linux]
t.rb:8:in connect': SSL_connect SYSCALL returned=5 errno=0 state=unknown state (OpenSSL::SSL::SSLError) from t.rb:8:in block in '
from t.rb:4:in loop' from t.rb:4:in '

An SSLError is raised because a close-notify alert message is sent to the server by GC
instead of a client hello message.
If the file descriptor is reused for a file, not a socket, the file would get broken.
This problem occurs rarely, but its impact is very serious.

IMHO, the free function of a DATA object should not do any task other than resource release.

Furthermore, SSLSocket#close calls SSL_shutdown(), but the original socket might have been closed,
in which case SSL_shutdown() (and @io.close) should not be called either.

The attached patch fixes these problems.


Files

openssl_invalid_shutdown_fix.diff (1.83 KB) openssl_invalid_shutdown_fix.diff shugo (Shugo Maeda), 04/09/2013 04:12 PM

Related issues 2 (0 open2 closed)

Related to Ruby master - Bug #7584: Ruby hangs when shutting down an ssl connection in gc finalizationClosedMartinBosslet (Martin Bosslet)12/18/2012Actions
Related to Backport193 - Backport #8267: Please backport r40304 to avoid invalid SSL_shutdown()Closedusa (Usaku NAKAMURA)04/15/2013Actions
Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0