You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2015/12/14 13:07:46 UTC
[jira] [Commented] (TS-4075) segmentation fault due to reenable in
SNI Hook for a closed ssl connection
[ https://issues.apache.org/jira/browse/TS-4075?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15055898#comment-15055898 ]
ASF GitHub Bot commented on TS-4075:
------------------------------------
GitHub user oknet opened a pull request:
https://github.com/apache/trafficserver/pull/374
TS-4075: add a state check for sslHandshakeHookState
Add a state check for sslHandshakeHookState after PreAcceptHookState checking in sslServerHandShakeEvent().
and modify the codes in reenable() and callHooks() to fit the patch
The Processing:
path A for normal handshake.
path B for ssl session reuse
1. client initial a tcp connection with ATS
2. ATS trigger a PreAccept Hooks
3. PreAccept Hooks Done
4a. client send a "Client Hello with Sever Cert Request"
5a. set handshakestate to CERT from PRE
6a. SSLAccept() got a "Server Cert Request" then trigger callHooks()
7a. set curHooks
8a. if curHook != NULL then set handshakestate to INVOKE and invoke hooks.
9a. reenable in Hooks A
10a. invoke Hook B and next Hooks ... until curHook == NULL
11a. set handshakestate to DONE
12. SSLAccept() handshake finished
4b. client send a "ssl session reuse request"
5b. set handshakestate to CERT from PRE
6b. SSLAccept() got a "ssl session reuse reques" then reuse session handshake finished
7b. set handshakestate to DONE from CERT
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/oknet/trafficserver patch-2
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/trafficserver/pull/374.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #374
----
commit 0de7e196aadac090a412b720df7e5faf9183b5ba
Author: Oknet <xu...@gmail.com>
Date: 2015-12-14T12:00:45Z
TS-4075: add a state check for sslHandshakeHookState after PreAcceptHookState checking
Add a state check for sslHandshakeHookState after PreAcceptHookState checking in sslServerHandShakeEvent().
and modify the codes in reenable() and callHooks() to fit the patch
The Processing:
1. client initial a tcp connection with ATS
2. ATS trigger a PreAccept Hooks
3. PreAccept Hooks Done
4a. client send a "Client Hello with Sever Cert Request"
5a. set handshakestate to CERT from PRE
6a. SSLAccept() got a "Server Cert Request" then trigger callHooks()
7a. set curHooks
8a. if curHook != NULL then set handshakestate to INVOKE and invoke hooks.
9a. reenable in Hooks A
10a. invoke Hook B and next Hooks ... until curHook == NULL
11a. set handshakestate to DONE
12. SSLAccept() handshake finished
4b. client send a "ssl session reuse request"
5b. set handshakestate to CERT from PRE
6b. SSLAccept() got a "ssl session reuse reques" then reuse session handshake finished
7b. set handshakestate to DONE from CERT
----
> segmentation fault due to reenable in SNI Hook for a closed ssl connection
> --------------------------------------------------------------------------
>
> Key: TS-4075
> URL: https://issues.apache.org/jira/browse/TS-4075
> Project: Traffic Server
> Issue Type: Bug
> Reporter: Oknet Xu
>
> I'm writing a ssl hook to look up a cert from mysql database.
> the SNI Hook stall at fetch cert from mysql database due to a database dump lock every mid night.
> the SSL Client got timeout and closing the connection before SNI Hook reenable the connection.
> Segmentation fault due to the TSVConnSSLConnectionGet() can not get a SSLVC during reenable the SSLVC.
> {code}
> traffic_server: Segmentation fault (Address not mapped to object [(nil)])
> traffic_server - STACK TRACE:
> /usr/bin/traffic_server(crash_logger_invoke(int, siginfo_t*, void*)+0xa2)[0x2b90c9955b22]
> /lib/x86_64-linux-gnu/libpthread.so.0(+0xf8d0)[0x2b90cc1ea8d0]
> /usr/lib/x86_64-linux-gnu/libstdc++.so.6(__dynamic_cast+0x60)[0x2b90cc9c3020]
> /usr/bin/traffic_server(TSVConnSSLConnectionGet+0x1e)[0x2b90c997832e]
> /usr/lib/trafficserver/modules/test-ssl.so(CertRequestContext::reenable()+0x8c)[0x2b90d5fe29dc]
> /usr/lib/trafficserver/modules/test-ssl.so(CertRequestContext::destroy()+0xe5)[0x2b90d5fe2b85]
> /usr/lib/trafficserver/modules/test-ssl.so(CertRequestContext::handler_content(tsapi_vio*)+0x29b)[0x2b90d5fe34db]
> /usr/lib/trafficserver/modules/test-ssl.so(CertRequestContext::handler_read(TSEvent, tsapi_vio*)+0x36)[0x2b90d5fe3526]
> /usr/lib/trafficserver/modules/test-ssl.so(CertRequestContext::dispatch(tsapi_cont*, TSEvent, void*)+0x95)[0x2b90d5fe35e5]
> /usr/bin/traffic_server(PluginVC::process_read_side(bool)+0x366)[0x2b90c998b0a6]
> /usr/bin/traffic_server(PluginVC::process_write_side(bool)+0x5a9)[0x2b90c998ba49]
> /usr/bin/traffic_server(PluginVC::main_handler(int, void*)+0x371)[0x2b90c998e1c1]
> /usr/bin/traffic_server(EThread::process_event(Event*, int)+0x90)[0x2b90c9bc8620]
> /usr/bin/traffic_server(EThread::execute()+0x67f)[0x2b90c9bc922f]
> /usr/bin/traffic_server(+0x369a1a)[0x2b90c9bc7a1a]
> /lib/x86_64-linux-gnu/libpthread.so.0(+0x80a4)[0x2b90cc1e30a4]
> /lib/x86_64-linux-gnu/libc.so.6(clone+0x6d)[0x2b90cd26704d]
> traffic_server: using root directory '/usr'
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)