mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-09 00:00:04 +01:00

tls: fix inbalanced tls restrict borrow/return calls

lws_tls_restrict_borrow() returns an error when the tls restriction limit
is reached. However, lws_ssl_close() still calls lws_tls_restrict_return()
to decrease simultaneous_ssl. Thus LWS accepts more ssl links than
allowed, making simultaneous_ssl_restriction useless.

Fix it by tracking lws_tls_restrict_borrow() return value and only
calling lws_tls_restrict_return() if lws_tls_restrict_borrow() is
successful.
Bing Zhao 2021-07-04 14:25:36 -07:00 committed by Andy Green
parent ad3901d0fe
commit ff1b8ed0c9
6 changed files with 19 additions and 12 deletions


@ -514,6 +514,11 @@ bail3:
#endif
bail1:
#if defined(LWS_WITH_TLS)
if (wsi->tls.ssl && wsi->tls_borrowed)
lws_tls_restrict_return(i->context);
#endif
lws_free_set_NULL(wsi->stash);
bail:
@ -523,11 +528,6 @@ bail:
bail2:
#endif
#if defined(LWS_WITH_TLS)
if (i->ssl_connection & LCCSCF_USE_SSL)
lws_tls_restrict_return(i->context);
#endif
if (i->pwsi)
*i->pwsi = NULL;
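Review bot: The return added at `bail1:` leaves `wsi->tls_borrowed` set, and the same holds for the returns in both `lws_ssl_close()` variants and in `lws_server_socket_service_ssl()`; if any later teardown path tests the bit again on the same wsi, `simultaneous_ssl` is decremented twice and the restriction is again looser than configured. Clearing the bit together with each return, `lws_tls_restrict_return(i->context);` followed by `wsi->tls_borrowed = 0;` inside braces, would make the pairing idempotent. Separately, the `wsi->tls.ssl &&` half of the guard means a wsi that borrowed a slot but never got its SSL object skips the return here; whether such a state can reach `bail1:` is not visible in the hunk, but if it can, the slot is never given back and the limit eventually refuses legitimate TLS connections. The enclosing function starts and ends outside the hunk.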


@ -816,6 +816,7 @@ struct lws {
unsigned int client_bound_sspc:1;
unsigned int client_proxy_onward:1;
#endif
unsigned int tls_borrowed:1;
#ifdef LWS_WITH_ACCESS_LOG
unsigned int access_log_pending:1;
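Review bot: `tls_borrowed` is added without a comment, and the invariant it carries is not obvious from the name alone: it is meant to be set only after `lws_tls_restrict_borrow()` succeeds, and every `lws_tls_restrict_return()` for the wsi is meant to be gated on it. I would document that on the field, for example `/* this wsi holds one simultaneous_ssl slot taken by lws_tls_restrict_borrow() */`. `struct lws` continues outside the hunk.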


@ -276,7 +276,8 @@ lws_ssl_close(struct lws *wsi)
SSL_free(wsi->tls.ssl);
wsi->tls.ssl = NULL;
lws_tls_restrict_return(wsi->a.context);
if (wsi->tls_borrowed)
lws_tls_restrict_return(wsi->a.context);
return 1; /* handled */
}


@ -465,7 +465,8 @@ lws_ssl_close(struct lws *wsi)
SSL_free(wsi->tls.ssl);
wsi->tls.ssl = NULL;
lws_tls_restrict_return(wsi->a.context);
if (wsi->tls_borrowed)
lws_tls_restrict_return(wsi->a.context);
// lwsl_notice("%s: ssl restr %d, simul %d\n", __func__,
// wsi->a.context->simultaneous_ssl_restriction,


@ -189,10 +189,12 @@ lws_client_create_tls(struct lws *wsi, const char **pcce, int do_c1)
}
#if defined(LWS_WITH_TLS)
if (!wsi->transaction_from_pipeline_queue &&
lws_tls_restrict_borrow(wsi->a.context)) {
*pcce = "tls restriction limit";
return CCTLS_RETURN_ERROR;
if (!wsi->transaction_from_pipeline_queue) {
if (lws_tls_restrict_borrow(wsi->a.context)) {
*pcce = "tls restriction limit";
return CCTLS_RETURN_ERROR;
}
wsi->tls_borrowed = 1;
}
#endif
}


@ -148,12 +148,14 @@ lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd, char f
lwsl_err("%s: failed on ssl restriction\n", __func__);
return 1;
}
wsi->tls_borrowed = 1;
if (lws_tls_server_new_nonblocking(wsi, accept_fd)) {
lwsl_err("%s: failed on lws_tls_server_new_nonblocking\n", __func__);
if (accept_fd != LWS_SOCK_INVALID)
compatible_close(accept_fd);
lws_tls_restrict_return(context);
if (wsi->tls_borrowed)
lws_tls_restrict_return(context);
goto fail;
}
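Review bot: The `if (wsi->tls_borrowed)` test in the failure branch looks always true as written, because the bit is set unconditionally just above it, directly after the borrow check; it could only be false if `lws_tls_server_new_nonblocking()` clears it, which is not visible here. Either call `lws_tls_restrict_return(context);` directly, or keep the guard and add `wsi->tls_borrowed = 0;` after the return so the code behind `goto fail` (outside the hunk) cannot give the same slot back again. The function body begins and ends outside the hunk.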