You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by bm...@apache.org on 2020/04/24 22:09:50 UTC

[mesos] 05/06: Fixed a bug where OpenSSLSocketImpl accept loop can silently stop.

This is an automated email from the ASF dual-hosted git repository.

bmahler pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mesos.git

commit 5cd3f11733856d85605609cadf80a8a51d0bb4e0
Author: Benjamin Mahler <bm...@apache.org>
AuthorDate: Fri Apr 10 17:15:27 2020 -0400

    Fixed a bug where OpenSSLSocketImpl accept loop can silently stop.
    
    The accept loop was chaining the loop body Future on the result of
    io::poll/io::read, which meant that any failed poll/read would cause
    the loop body to return a failed future and the loop to stop running.
    
    This would lead to the server socket silently no longer accepting
    incoming connections.
    
    Review: https://reviews.apache.org/r/72352
---
 3rdparty/libprocess/src/ssl/openssl_socket.cpp | 29 +++++++++++++-------------
 3rdparty/libprocess/src/ssl/openssl_socket.hpp |  3 +--
 2 files changed, 15 insertions(+), 17 deletions(-)

diff --git a/3rdparty/libprocess/src/ssl/openssl_socket.cpp b/3rdparty/libprocess/src/ssl/openssl_socket.cpp
index f03a34f..31dc4a2 100644
--- a/3rdparty/libprocess/src/ssl/openssl_socket.cpp
+++ b/3rdparty/libprocess/src/ssl/openssl_socket.cpp
@@ -559,11 +559,11 @@ Future<std::shared_ptr<SocketImpl>> OpenSSLSocketImpl::accept()
         [weak_self]() -> Future<std::shared_ptr<SocketImpl>> {
           std::shared_ptr<OpenSSLSocketImpl> self(weak_self.lock());
 
-          if (self != nullptr) {
-            return self->PollSocketImpl::accept();
+          if (self == nullptr) {
+            return Failure("Socket destructed");
           }
 
-          return Failure("Socket destructed");
+          return self->PollSocketImpl::accept();
         },
         [weak_self](const std::shared_ptr<SocketImpl>& socket)
             -> Future<ControlFlow<Nothing>> {
@@ -577,12 +577,12 @@ Future<std::shared_ptr<SocketImpl>> OpenSSLSocketImpl::accept()
           // socket to become readable. We will then MSG_PEEK it to test
           // whether we want to dispatch as SSL or non-SSL.
           if (openssl::flags().support_downgrade) {
-            return io::poll(socket->get(), process::io::READ)
-              .then([weak_self, socket]() -> Future<ControlFlow<Nothing>> {
+            io::poll(socket->get(), process::io::READ)
+              .onReady([weak_self, socket]() {
                 std::shared_ptr<OpenSSLSocketImpl> self(weak_self.lock());
 
                 if (self == nullptr) {
-                  return Break();
+                  return;
                 }
 
                 char data[6];
@@ -624,15 +624,16 @@ Future<std::shared_ptr<SocketImpl>> OpenSSLSocketImpl::accept()
                 }
 
                 if (ssl) {
-                  return self->handle_accept_callback(socket);
+                  self->handle_accept_callback(socket);
                 } else {
                   self->accept_queue.put(socket);
-                  return Continue();
                 }
               });
+          } else {
+            self->handle_accept_callback(socket);
           }
 
-          return self->handle_accept_callback(socket);
+          return Continue();
         });
 
     accept_loop_started.done();
@@ -708,7 +709,7 @@ Try<Nothing, SocketError> OpenSSLSocketImpl::shutdown(int how)
 }
 
 
-Future<ControlFlow<Nothing>> OpenSSLSocketImpl::handle_accept_callback(
+void OpenSSLSocketImpl::handle_accept_callback(
     const std::shared_ptr<SocketImpl>& socket)
 {
   // Wrap this new socket up into our SSL wrapper class by releasing
@@ -720,7 +721,7 @@ Future<ControlFlow<Nothing>> OpenSSLSocketImpl::handle_accept_callback(
   SSL* accept_ssl = SSL_new(openssl::context());
   if (accept_ssl == nullptr) {
     accept_queue.put(Failure("Accept failed, SSL_new"));
-    return Continue();
+    return;
   }
 
   Try<Address> peer_address = network::peer(ssl_socket->get());
@@ -728,7 +729,7 @@ Future<ControlFlow<Nothing>> OpenSSLSocketImpl::handle_accept_callback(
     SSL_free(accept_ssl);
     accept_queue.put(
         Failure("Failed to determine peer IP: " + peer_address.error()));
-    return Continue();
+    return;
   }
 
   // NOTE: Right now, `openssl::configure_socket` does not do anything
@@ -742,7 +743,7 @@ Future<ControlFlow<Nothing>> OpenSSLSocketImpl::handle_accept_callback(
     accept_queue.put(
         Failure("Failed to openssl::configure_socket for " +
                 stringify(*peer_address) + ": " + configured.error()));
-    return Continue();
+    return;
   }
 
   // Set the SSL context in server mode.
@@ -807,8 +808,6 @@ Future<ControlFlow<Nothing>> OpenSSLSocketImpl::handle_accept_callback(
 
       self->accept_queue.put(ssl_socket);
     });
-
-  return Continue();
 }
 
 
diff --git a/3rdparty/libprocess/src/ssl/openssl_socket.hpp b/3rdparty/libprocess/src/ssl/openssl_socket.hpp
index 0528c03..2fe0f05 100644
--- a/3rdparty/libprocess/src/ssl/openssl_socket.hpp
+++ b/3rdparty/libprocess/src/ssl/openssl_socket.hpp
@@ -58,8 +58,7 @@ protected:
   // Verifies incoming sockets and initiates the SSL handshake.
   // Upon completion or failure of the SSL handshake, the peer socket
   // (or Failure object) will be enqueued on the server socket's accept queue.
-  Future<ControlFlow<Nothing>> handle_accept_callback(
-      const std::shared_ptr<SocketImpl>& socket);
+  void handle_accept_callback(const std::shared_ptr<SocketImpl>& socket);
 
   // Takes ownership of the given SSL object and performs an SSL handshake
   // with the context of the SSL object. Either `SSL_set_connect_state`