You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by zw...@apache.org on 2017/10/18 16:55:18 UTC
[trafficserver] branch 7.1.x updated: Checking the retval of
safe_getsockname() and safe_getpeername()
This is an automated email from the ASF dual-hosted git repository.
zwoop pushed a commit to branch 7.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/7.1.x by this push:
new 2869362 Checking the retval of safe_getsockname() and safe_getpeername()
2869362 is described below
commit 2869362822afa5c05194f3536938352f79856153
Author: Oknet Xu <xu...@skyguard.com.cn>
AuthorDate: Thu Aug 24 22:44:48 2017 +0800
Checking the retval of safe_getsockname() and safe_getpeername()
(cherry picked from commit 49f1f17531c821389661f80861b112ac893c5d22)
---
iocore/net/SSLNetVConnection.cc | 21 +++++++++++++--------
iocore/net/SSLUtils.cc | 13 ++++++++-----
2 files changed, 21 insertions(+), 13 deletions(-)
diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc
index 9b389a2..2ebe79a 100644
--- a/iocore/net/SSLNetVConnection.cc
+++ b/iocore/net/SSLNetVConnection.cc
@@ -935,17 +935,22 @@ SSLNetVConnection::sslStartHandShake(int event, int &err)
case SSL_EVENT_SERVER:
if (this->ssl == nullptr) {
SSLCertificateConfig::scoped_config lookup;
- IpEndpoint ip;
- int namelen = sizeof(ip);
- safe_getsockname(this->get_socket(), &ip.sa, &namelen);
- SSLCertContext *cc = lookup->find(ip);
+ IpEndpoint dst;
+ int namelen = sizeof(dst);
+ if (0 != safe_getsockname(this->get_socket(), &dst.sa, &namelen)) {
+ Debug("ssl", "Failed to get dest ip, errno = [%d]", errno);
+ return EVENT_ERROR;
+ }
+ SSLCertContext *cc = lookup->find(dst);
if (is_debug_tag_set("ssl")) {
- IpEndpoint src, dst;
+ IpEndpoint src;
ip_port_text_buffer ipb1, ipb2;
- int ip_len;
+ int ip_len = sizeof(src);
- safe_getsockname(this->get_socket(), &dst.sa, &(ip_len = sizeof ip));
- safe_getpeername(this->get_socket(), &src.sa, &(ip_len = sizeof ip));
+ if (0 != safe_getpeername(this->get_socket(), &src.sa, &ip_len)) {
+ Debug("ssl", "Failed to get src ip, errno = [%d]", errno);
+ return EVENT_ERROR;
+ }
ats_ip_nptop(&dst, ipb1, sizeof(ipb1));
ats_ip_nptop(&src, ipb2, sizeof(ipb2));
Debug("ssl", "IP context is %p for [%s] -> [%s], default context %p", cc, ipb2, ipb1, lookup->defaultContext());
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index 1fbbac6..f39c998 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -339,8 +339,9 @@ set_context_cert(SSL *ssl)
IpEndpoint ip;
int namelen = sizeof(ip);
- safe_getsockname(netvc->get_socket(), &ip.sa, &namelen);
- cc = lookup->find(ip);
+ if (0 == safe_getsockname(netvc->get_socket(), &ip.sa, &namelen)) {
+ cc = lookup->find(ip);
+ }
if (cc && cc->ctx)
ctx = cc->ctx;
}
@@ -2062,9 +2063,11 @@ ssl_callback_session_ticket(SSL *ssl, unsigned char *keyname, unsigned char *iv,
// Get the IP address to look up the keyblock
IpEndpoint ip;
- int namelen = sizeof(ip);
- safe_getsockname(netvc->get_socket(), &ip.sa, &namelen);
- SSLCertContext *cc = lookup->find(ip);
+ int namelen = sizeof(ip);
+ SSLCertContext *cc = nullptr;
+ if (0 == safe_getsockname(netvc->get_socket(), &ip.sa, &namelen)) {
+ cc = lookup->find(ip);
+ }
ssl_ticket_key_block *keyblock = nullptr;
if (cc == nullptr || cc->keyblock == nullptr) {
// Try the default
--
To stop receiving notification emails like this one, please contact
['"commits@trafficserver.apache.org" <co...@trafficserver.apache.org>'].