Patch: avoid closing nss stream before all scheduled reads end



	Hi,

	This patch chould avoid some crashes that happen when we PR_Close and
we have pending requests to read from the stream. With it we add a count
of pending reads, and don't allow to read anymore when a close has been
scheduled.

	The patch does not include the changelog entry, that would be like
this:
* libtinymail-camel/camel-lite/camel/camel-tcp-stream-ssl.c:
	* Protect PR_Reads and writes to avoid calls to PR_Close before one of
them. Should avoid some crashes and bad memory accesses.

-- 
José Dapena Paz <jdapena igalia com>
Igalia
Index: libtinymail-camel/camel-lite/camel/camel-tcp-stream-ssl.c
===================================================================
--- libtinymail-camel/camel-lite/camel/camel-tcp-stream-ssl.c	(revision 3640)
+++ libtinymail-camel/camel-lite/camel/camel-tcp-stream-ssl.c	(working copy)
@@ -96,9 +96,63 @@
 	guint32 flags;
 	gboolean accepted;
 	CamelService *service;
+	guint reads;
+	GMutex *reads_lock;
+	gboolean scheduled_close;
 };
 
+static gboolean
+begin_read (CamelTcpStreamSSL *stream)
+{
+	gboolean retval = TRUE;
 
+	g_mutex_lock (stream->priv->reads_lock);
+	if (stream->priv->scheduled_close) {
+		retval = FALSE;
+	} else {
+		stream->priv->reads ++;
+		camel_object_ref (stream);
+	}
+	g_mutex_unlock (stream->priv->reads_lock);
+	return retval;
+}
+
+static void
+end_read (CamelTcpStreamSSL *stream)
+{
+	gboolean close;
+	g_mutex_lock (stream->priv->reads_lock);
+	stream->priv->reads --;
+	close =  ((stream->priv->reads == 0) && (stream->priv->scheduled_close));
+	g_mutex_unlock (stream->priv->reads_lock);
+	if (close) {
+		PR_Shutdown (stream->priv->sockfd, PR_SHUTDOWN_BOTH);
+		PR_Close (stream->priv->sockfd);
+		stream->priv->sockfd = NULL;
+	}
+	camel_object_unref (stream);
+}
+
+static gint
+ssl_close (CamelTcpStreamSSL *stream)
+{
+	gboolean close;
+	g_mutex_lock (stream->priv->reads_lock);
+	close = ((stream->priv->reads == 0) && (stream->priv->sockfd != NULL));
+	if (stream->priv->sockfd != NULL)
+		stream->priv->scheduled_close = TRUE;
+	g_mutex_unlock (stream->priv->reads_lock);
+	if (close) {
+		PR_Shutdown (stream->priv->sockfd, PR_SHUTDOWN_BOTH);
+		if (PR_Close (stream->priv->sockfd) == PR_FAILURE) {
+			stream->priv->sockfd = NULL;
+			return -1;
+		}
+		stream->priv->sockfd = NULL;
+	}
+	return 0;
+}
+
 static void 
 ssl_enable_compress (CamelTcpStream *stream)
 {
@@ -144,6 +198,7 @@
 	CamelTcpStreamSSL *stream = CAMEL_TCP_STREAM_SSL (object);
 
 	stream->priv = g_new0 (struct _CamelTcpStreamSSLPrivate, 1);
+	stream->priv->reads_lock = g_mutex_new ();
 }
 
 static void
@@ -152,13 +207,14 @@
 	CamelTcpStreamSSL *stream = CAMEL_TCP_STREAM_SSL (object);
 
 	if (stream->priv->sockfd != NULL) {
-		PR_Shutdown (stream->priv->sockfd, PR_SHUTDOWN_BOTH);
-		PR_Close (stream->priv->sockfd);
+		ssl_close (stream);
 	}
 
 	if (stream->priv->session)
 		camel_object_unref(stream->priv->session);
 
+	g_mutex_free (stream->priv->reads_lock);
+
 	g_free (stream->priv->expected_host);
 
 	g_free (stream->priv);
@@ -220,6 +276,7 @@
 			str = g_strdup (g_get_tmp_dir ());
 		NSS_InitReadWrite (str);
 		has_init = TRUE;
+		g_free (str);
 	}
 
 	camel_object_ref(service->session);
@@ -361,7 +418,11 @@
 			return -1;
 		}
 
+		g_mutex_lock (ssl->priv->reads_lock);
 		ssl->priv->sockfd = fd;
+		ssl->priv->scheduled_close = FALSE;
+		ssl->priv->reads = 0;
+		g_mutex_unlock (ssl->priv->reads_lock);
 
 		if (SSL_ResetHandshake (fd, FALSE) == SECFailure) {
 			set_errno (PR_GetError ());
@@ -424,8 +485,11 @@
 		} else {
 			 do {
 				nread = -1;
-				if (PR_Available (tcp_stream_ssl->priv->sockfd) != 0)
-					nread = PR_Read (tcp_stream_ssl->priv->sockfd, buffer, n);
+				if (begin_read (tcp_stream_ssl)) {
+					if (PR_Available (tcp_stream_ssl->priv->sockfd) != 0)
+						nread = PR_Read (tcp_stream_ssl->priv->sockfd, buffer, n);
+					end_read (tcp_stream_ssl);
+				}
 				if (nread == -1)
 					set_errno (PR_GetError ());
 			 } while (0 && (nread == -1 && PR_GetError () == PR_PENDING_INTERRUPT_ERROR));
@@ -490,9 +554,13 @@
 #endif
 			} else {
 				do {
-					nread = PR_Read (tcp_stream_ssl->priv->sockfd, buffer, n);
-					if (nread == -1)
-						set_errno (PR_GetError ());
+					nread = -1;
+					if (begin_read (tcp_stream_ssl)) {
+						nread = PR_Read (tcp_stream_ssl->priv->sockfd, buffer, n);
+						if (nread == -1)
+							set_errno (PR_GetError ());
+						end_read (tcp_stream_ssl);
+					}
 				} while (nread == -1 && PR_GetError () == PR_PENDING_INTERRUPT_ERROR);
 			}
 		} while (nread == -1 && (PR_GetError () == PR_PENDING_INTERRUPT_ERROR ||
@@ -547,9 +615,13 @@
 				goto failed;
 			} else {
 				do {
-					nread = PR_Read (tcp_stream_ssl->priv->sockfd, buffer, n);
-					if (nread == -1)
-						set_errno (PR_GetError ());
+					nread = -1;
+					if (begin_read (tcp_stream_ssl)) {
+						nread = PR_Read (tcp_stream_ssl->priv->sockfd, buffer, n);
+						if (nread == -1)
+							set_errno (PR_GetError ());
+						end_read (tcp_stream_ssl);
+					}
 				} while (nread == -1 && PR_GetError () == PR_PENDING_INTERRUPT_ERROR);
 			}
 		} while (nread == -1 && (PR_GetError () == PR_PENDING_INTERRUPT_ERROR ||
@@ -618,9 +690,13 @@
 #endif
 			} else {
 				do {
-					w = PR_Write (tcp_stream_ssl->priv->sockfd, buffer + written, n - written);
-					if (w == -1)
-						set_errno (PR_GetError ());
+					w = -1;
+					if (begin_read (tcp_stream_ssl)) {
+						w = PR_Write (tcp_stream_ssl->priv->sockfd, buffer + written, n - written);
+						if (w == -1)
+							set_errno (PR_GetError ());
+						end_read (tcp_stream_ssl);
+					} 
 				} while (w == -1 && PR_GetError () == PR_PENDING_INTERRUPT_ERROR);
 
 				if (w == -1) {
@@ -680,9 +756,13 @@
 				errno = EINTR;
 			} else {
 				do {
-					w = PR_Write (tcp_stream_ssl->priv->sockfd, buffer + written, n - written);
-					if (w == -1)
-						set_errno (PR_GetError ());
+					w = -1;
+					if (begin_read (tcp_stream_ssl)) {
+						w = PR_Write (tcp_stream_ssl->priv->sockfd, buffer + written, n - written);
+						if (w == -1)
+							set_errno (PR_GetError ());
+						end_read (tcp_stream_ssl);
+					}
 				} while (w == -1 && PR_GetError () == PR_PENDING_INTERRUPT_ERROR);
 
 				if (w == -1) {
@@ -723,9 +803,7 @@
 		return -1;
 	}
 
-	PR_Shutdown (((CamelTcpStreamSSL *)stream)->priv->sockfd, PR_SHUTDOWN_BOTH);
-	if (PR_Close (((CamelTcpStreamSSL *)stream)->priv->sockfd) == PR_FAILURE)
-		return -1;
+	ssl_close ((CamelTcpStreamSSL *) stream);
 
 	((CamelTcpStreamSSL *)stream)->priv->sockfd = NULL;
 
@@ -1388,7 +1466,7 @@
 			errnosave = errno;
 			PR_Shutdown (fd, PR_SHUTDOWN_BOTH);
 			PR_Close (fd);
-			ssl->priv->sockfd = NULL;
+			/* ssl_close (ssl); */
 			errno = errnosave;
 
 			return -1;
@@ -1397,7 +1475,11 @@
 		errno = 0;
 	}
 
+	g_mutex_lock (ssl->priv->reads_lock);
+	ssl->priv->reads = 0;
+	ssl->priv->scheduled_close = FALSE;
 	ssl->priv->sockfd = fd;
+	g_mutex_unlock (ssl->priv->reads_lock);
 
 	return 0;
 }


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]