ss: sspc: enforce not allowed to call lws_ss[pc]_destroy from callbacks

For both ss and sspc, enforce at runtime that user code cannot call lws_ss[pc]_destroy on a handle from a callback. The error indicates the remedy (return DESTROY_ME) and asserts.
2025-03-09 00:00:04 +01:00 · 2021-06-23 16:50:23 +01:00 · 2021-06-23 16:50:23 +01:00 · a095e6c60b
commit a095e6c60b
parent 5ea9194378
3 changed files with 30 additions and 1 deletions
--- a/lib/secure-streams/private-lib-secure-streams.h
+++ b/lib/secure-streams/private-lib-secure-streams.h
@ -84,6 +84,7 @@ typedef struct lws_ss_handle {
 	struct lwsac            *imd_ac;           /**< for get custom header */
 #endif
 	const lws_ss_policy_t	*rideshare;
+	struct lws_ss_handle	*h_in_svc;

 #if defined(LWS_WITH_CONMON)
 	char			*conmon_json;
@ -317,6 +318,12 @@ typedef struct lws_sspc_handle {
 	struct lws_dsh		*dsh;
 	struct lws_context	*context;

+	struct lws_sspc_handle	*h_in_svc;
+	/*
+	 * Used to detect illegal lws_sspc_destroy() calls while still
+	 * being serviced
+	 */
+
 	lws_usec_t		us_earliest_write_req;

 	unsigned long		writeable_len;
--- a/lib/secure-streams/secure-streams-client.c
+++ b/lib/secure-streams/secure-streams-client.c
@ -23,6 +23,8 @@ lws_ss_state_return_t
 lws_sspc_event_helper(lws_sspc_handle_t *h, lws_ss_constate_t cs,
 		      lws_ss_tx_ordinal_t flags)
 {
+	lws_ss_state_return_t ret;
+
 	if (!h)
 		return LWSSSSRET_OK;

@ -32,7 +34,11 @@ lws_sspc_event_helper(lws_sspc_handle_t *h, lws_ss_constate_t cs,
 	if (!h->ssi.state)
 		return LWSSSSRET_OK;

-	return h->ssi.state((void *)((uint8_t *)&h[1]), NULL, cs, flags);
+	h->h_in_svc = h;
+	ret = h->ssi.state((void *)((uint8_t *)&h[1]), NULL, cs, flags);
+	h->h_in_svc = NULL;
+
+	return ret;
 }

 static void
@ -652,6 +658,13 @@ lws_sspc_destroy(lws_sspc_handle_t **ph)

 	h = *ph;

+	if (h == h->h_in_svc) {
+		lwsl_err("%s: illegal destroy, return LWSSSSRET_DESTROY_ME instead\n",
+				__func__);
+		assert(0);
+		return;
+	}
+
 	if (h->destroying)
 		return;

--- a/lib/secure-streams/secure-streams.c
+++ b/lib/secure-streams/secure-streams.c
@ -357,9 +357,11 @@ lws_ss_event_helper(lws_ss_handle_t *h, lws_ss_constate_t cs)
 #endif

 	if (h->info.state) {
+		h->h_in_svc = h;
 		r = h->info.state(ss_to_userobj(h), NULL, cs,
 			cs == LWSSSCS_UNREACHABLE &&
 			h->wsi && h->wsi->dns_reachability);
+		h->h_in_svc = NULL;
 #if defined(LWS_WITH_SERVER)
 		if ((h->info.flags & LWSSSINFLAGS_ACCEPTED) &&
 		    cs == LWSSSCS_DISCONNECTED)
@ -1259,6 +1261,13 @@ lws_ss_destroy(lws_ss_handle_t **ppss)
 	if (!h)
 		return;

+	if (h == h->h_in_svc) {
+		lwsl_err("%s: illegal destroy, return LWSSSSRET_DESTROY_ME instead\n",
+				__func__);
+		assert(0);
+		return;
+	}
+
 	if (h->destroying) {
 		lwsl_info("%s: reentrant destroy\n", __func__);
 		return;