<p>under has uploaded this change for <strong>review</strong>.</p><p><a href="https://gerrit.asterisk.org/c/asterisk/+/11419">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">core/tcptls: fix double socket close() on failed connection to offline TCP peer<br><br>* Eliminate double socket close() on failed connection to offline TCP peer<br>  by removing close() from ast_tcptls_client_start().<br>  1st time socket is closed inside ast_tcptls_client_start().<br>  2nd time socket is closed inside ast_iostream_close(),<br>  when invoked from session_instance_destructor().<br>  Double socket close() is extremely bad,<br>  because after 1st close() the socket FD could be re-used<br>  by some other Asterisk thread.<br>  And 2nd close() will close the FD in a totally different thread,<br>  causing issues in it: asserts, call hangups, and other unpredictable things.<br><br>* Eliminate using desc->accept_fd in ast_tcptls_client_start()<br>  and ast_tcptls_client_create().<br>  TCP accept() is relevant only to TCP server code,<br>  and is not relevant to TCP client code.<br>  Therefore usage of accept_fd in TCP client code<br>  might confuse whoever reads the code.<br><br>* Eliminate saving socket FD in desc->accept_fd<br>  after ast_iostream_from_fd() has been invoked.<br>  ast_iostream_from_fd() has "socket FD ownership transfer" semantics.<br>  Therefore, saving FD elsewhere besides iostream breaks<br>  FD incapsulation inside iostream,<br>  and makes possible future double close() issues.<br><br>ASTERISK-28430 #close<br><br>Change-Id: Idf0f7f5b4b304c37e89ef8352cbf976bebf96342<br>---<br>M main/tcptls.c<br>1 file changed, 14 insertions(+), 13 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/19/11419/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/main/tcptls.c b/main/tcptls.c</span><br><span>index 7930c50..eb02f75 100644</span><br><span>--- a/main/tcptls.c</span><br><span>+++ b/main/tcptls.c</span><br><span>@@ -549,7 +549,13 @@</span><br><span>                 goto client_start_error;</span><br><span>     }</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-   if (ast_connect(desc->accept_fd, &desc->remote_address)) {</span><br><span style="color: hsl(120, 100%, 40%);">+  if (!tcptls_session->stream) {</span><br><span style="color: hsl(120, 100%, 40%);">+             /* We shouldn't be here if stream is not allocated */</span><br><span style="color: hsl(120, 100%, 40%);">+             ast_assert(0);</span><br><span style="color: hsl(120, 100%, 40%);">+                goto client_start_error;</span><br><span style="color: hsl(120, 100%, 40%);">+      }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+   if (ast_connect(ast_iostream_get_fd(tcptls_session->stream), &desc->remote_address)) {</span><br><span>             ast_log(LOG_ERROR, "Unable to connect %s to %s: %s\n",</span><br><span>                     desc->name,</span><br><span>                       ast_sockaddr_stringify(&desc->remote_address),</span><br><span>@@ -557,7 +563,7 @@</span><br><span>          goto client_start_error;</span><br><span>     }</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-   ast_fd_clear_flags(desc->accept_fd, O_NONBLOCK);</span><br><span style="color: hsl(120, 100%, 40%);">+   ast_fd_clear_flags(ast_iostream_get_fd(tcptls_session->stream), O_NONBLOCK);</span><br><span> </span><br><span>  if (desc->tls_cfg) {</span><br><span>              desc->tls_cfg->enabled = 1;</span><br><span>@@ -567,10 +573,6 @@</span><br><span>     return handle_tcptls_connection(tcptls_session);</span><br><span> </span><br><span> client_start_error:</span><br><span style="color: hsl(0, 100%, 40%);">-     if (desc) {</span><br><span style="color: hsl(0, 100%, 40%);">-             close(desc->accept_fd);</span><br><span style="color: hsl(0, 100%, 40%);">-              desc->accept_fd = -1;</span><br><span style="color: hsl(0, 100%, 40%);">-        }</span><br><span>    ao2_ref(tcptls_session, -1);</span><br><span>         return NULL;</span><br><span> </span><br><span>@@ -594,9 +596,9 @@</span><br><span>               close(desc->accept_fd);</span><br><span>   }</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-   fd = desc->accept_fd = socket(ast_sockaddr_is_ipv6(&desc->remote_address) ?</span><br><span style="color: hsl(0, 100%, 40%);">-                                 AF_INET6 : AF_INET, SOCK_STREAM, IPPROTO_TCP);</span><br><span style="color: hsl(0, 100%, 40%);">-    if (desc->accept_fd < 0) {</span><br><span style="color: hsl(120, 100%, 40%);">+      fd = socket(ast_sockaddr_is_ipv6(&desc->remote_address) ?</span><br><span style="color: hsl(120, 100%, 40%);">+                  AF_INET6 : AF_INET, SOCK_STREAM, IPPROTO_TCP);</span><br><span style="color: hsl(120, 100%, 40%);">+    if (fd < 0) {</span><br><span>             ast_log(LOG_ERROR, "Unable to allocate socket for %s: %s\n",</span><br><span>                       desc->name, strerror(errno));</span><br><span>             return NULL;</span><br><span>@@ -606,8 +608,8 @@</span><br><span>      originate from the desired address */</span><br><span>     if (!ast_sockaddr_isnull(&desc->local_address) &&</span><br><span>         !ast_sockaddr_is_any(&desc->local_address)) {</span><br><span style="color: hsl(0, 100%, 40%);">-                setsockopt(desc->accept_fd, SOL_SOCKET, SO_REUSEADDR, &x, sizeof(x));</span><br><span style="color: hsl(0, 100%, 40%);">-            if (ast_bind(desc->accept_fd, &desc->local_address)) {</span><br><span style="color: hsl(120, 100%, 40%);">+              setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &x, sizeof(x));</span><br><span style="color: hsl(120, 100%, 40%);">+          if (ast_bind(fd, &desc->local_address)) {</span><br><span>                     ast_log(LOG_ERROR, "Unable to bind %s to %s: %s\n",</span><br><span>                                desc->name,</span><br><span>                               ast_sockaddr_stringify(&desc->local_address),</span><br><span>@@ -641,8 +643,7 @@</span><br><span>   return tcptls_session;</span><br><span> </span><br><span> error:</span><br><span style="color: hsl(0, 100%, 40%);">-    close(desc->accept_fd);</span><br><span style="color: hsl(0, 100%, 40%);">-      desc->accept_fd = -1;</span><br><span style="color: hsl(120, 100%, 40%);">+      close(fd);</span><br><span>   ao2_cleanup(tcptls_session);</span><br><span>         return NULL;</span><br><span> }</span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.asterisk.org/c/asterisk/+/11419">change 11419</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.asterisk.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.asterisk.org/c/asterisk/+/11419"/><meta itemprop="name" content="View Change"/></div></div>

<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: 16 </div>
<div style="display:none"> Gerrit-Change-Id: Idf0f7f5b4b304c37e89ef8352cbf976bebf96342 </div>
<div style="display:none"> Gerrit-Change-Number: 11419 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: under <under@list.ru> </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>