<p>under has uploaded this change for <strong>review</strong>.</p><p><a href="https://gerrit.asterisk.org/c/asterisk/+/11419">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">core/tcptls: fix double socket close() on failed connection to offline TCP peer<br><br>* Eliminate double socket close() on failed connection to offline TCP peer<br> by removing close() from ast_tcptls_client_start().<br> 1st time socket is closed inside ast_tcptls_client_start().<br> 2nd time socket is closed inside ast_iostream_close(),<br> when invoked from session_instance_destructor().<br> Double socket close() is extremely bad,<br> because after 1st close() the socket FD could be re-used<br> by some other Asterisk thread.<br> And 2nd close() will close the FD in a totally different thread,<br> causing issues in it: asserts, call hangups, and other unpredictable things.<br><br>* Eliminate using desc->accept_fd in ast_tcptls_client_start()<br> and ast_tcptls_client_create().<br> TCP accept() is relevant only to TCP server code,<br> and is not relevant to TCP client code.<br> Therefore usage of accept_fd in TCP client code<br> might confuse whoever reads the code.<br><br>* Eliminate saving socket FD in desc->accept_fd<br> after ast_iostream_from_fd() has been invoked.<br> ast_iostream_from_fd() has "socket FD ownership transfer" semantics.<br> Therefore, saving FD elsewhere besides iostream breaks<br> FD incapsulation inside iostream,<br> and makes possible future double close() issues.<br><br>ASTERISK-28430 #close<br><br>Change-Id: Idf0f7f5b4b304c37e89ef8352cbf976bebf96342<br>---<br>M main/tcptls.c<br>1 file changed, 14 insertions(+), 13 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/19/11419/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/main/tcptls.c b/main/tcptls.c</span><br><span>index 7930c50..eb02f75 100644</span><br><span>--- a/main/tcptls.c</span><br><span>+++ b/main/tcptls.c</span><br><span>@@ -549,7 +549,13 @@</span><br><span> goto client_start_error;</span><br><span> }</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- if (ast_connect(desc->accept_fd, &desc->remote_address)) {</span><br><span style="color: hsl(120, 100%, 40%);">+ if (!tcptls_session->stream) {</span><br><span style="color: hsl(120, 100%, 40%);">+ /* We shouldn't be here if stream is not allocated */</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_assert(0);</span><br><span style="color: hsl(120, 100%, 40%);">+ goto client_start_error;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ if (ast_connect(ast_iostream_get_fd(tcptls_session->stream), &desc->remote_address)) {</span><br><span> ast_log(LOG_ERROR, "Unable to connect %s to %s: %s\n",</span><br><span> desc->name,</span><br><span> ast_sockaddr_stringify(&desc->remote_address),</span><br><span>@@ -557,7 +563,7 @@</span><br><span> goto client_start_error;</span><br><span> }</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- ast_fd_clear_flags(desc->accept_fd, O_NONBLOCK);</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_fd_clear_flags(ast_iostream_get_fd(tcptls_session->stream), O_NONBLOCK);</span><br><span> </span><br><span> if (desc->tls_cfg) {</span><br><span> desc->tls_cfg->enabled = 1;</span><br><span>@@ -567,10 +573,6 @@</span><br><span> return handle_tcptls_connection(tcptls_session);</span><br><span> </span><br><span> client_start_error:</span><br><span style="color: hsl(0, 100%, 40%);">- if (desc) {</span><br><span style="color: hsl(0, 100%, 40%);">- close(desc->accept_fd);</span><br><span style="color: hsl(0, 100%, 40%);">- desc->accept_fd = -1;</span><br><span style="color: hsl(0, 100%, 40%);">- }</span><br><span> ao2_ref(tcptls_session, -1);</span><br><span> return NULL;</span><br><span> </span><br><span>@@ -594,9 +596,9 @@</span><br><span> close(desc->accept_fd);</span><br><span> }</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- fd = desc->accept_fd = socket(ast_sockaddr_is_ipv6(&desc->remote_address) ?</span><br><span style="color: hsl(0, 100%, 40%);">- AF_INET6 : AF_INET, SOCK_STREAM, IPPROTO_TCP);</span><br><span style="color: hsl(0, 100%, 40%);">- if (desc->accept_fd < 0) {</span><br><span style="color: hsl(120, 100%, 40%);">+ fd = socket(ast_sockaddr_is_ipv6(&desc->remote_address) ?</span><br><span style="color: hsl(120, 100%, 40%);">+ AF_INET6 : AF_INET, SOCK_STREAM, IPPROTO_TCP);</span><br><span style="color: hsl(120, 100%, 40%);">+ if (fd < 0) {</span><br><span> ast_log(LOG_ERROR, "Unable to allocate socket for %s: %s\n",</span><br><span> desc->name, strerror(errno));</span><br><span> return NULL;</span><br><span>@@ -606,8 +608,8 @@</span><br><span> originate from the desired address */</span><br><span> if (!ast_sockaddr_isnull(&desc->local_address) &&</span><br><span> !ast_sockaddr_is_any(&desc->local_address)) {</span><br><span style="color: hsl(0, 100%, 40%);">- setsockopt(desc->accept_fd, SOL_SOCKET, SO_REUSEADDR, &x, sizeof(x));</span><br><span style="color: hsl(0, 100%, 40%);">- if (ast_bind(desc->accept_fd, &desc->local_address)) {</span><br><span style="color: hsl(120, 100%, 40%);">+ setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &x, sizeof(x));</span><br><span style="color: hsl(120, 100%, 40%);">+ if (ast_bind(fd, &desc->local_address)) {</span><br><span> ast_log(LOG_ERROR, "Unable to bind %s to %s: %s\n",</span><br><span> desc->name,</span><br><span> ast_sockaddr_stringify(&desc->local_address),</span><br><span>@@ -641,8 +643,7 @@</span><br><span> return tcptls_session;</span><br><span> </span><br><span> error:</span><br><span style="color: hsl(0, 100%, 40%);">- close(desc->accept_fd);</span><br><span style="color: hsl(0, 100%, 40%);">- desc->accept_fd = -1;</span><br><span style="color: hsl(120, 100%, 40%);">+ close(fd);</span><br><span> ao2_cleanup(tcptls_session);</span><br><span> return NULL;</span><br><span> }</span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.asterisk.org/c/asterisk/+/11419">change 11419</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.asterisk.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.asterisk.org/c/asterisk/+/11419"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: 16 </div>
<div style="display:none"> Gerrit-Change-Id: Idf0f7f5b4b304c37e89ef8352cbf976bebf96342 </div>
<div style="display:none"> Gerrit-Change-Number: 11419 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: under <under@list.ru> </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>