<p>Sean Bright has uploaded this change for <strong>review</strong>.</p><p><a href="https://gerrit.asterisk.org/c/asterisk/+/13508">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">websocket: Consider pending SSL data when waiting for socket input<br><br>When TLS is in use, checking the readiness of the underlying FD is insufficient<br>for determining if there is data available to be read. So before polling the<br>FD, check if there is any buffered data in the TLS layer and use that first.<br><br>ASTERISK-28562 #close<br>Reported by: Robert Sutton<br><br>Change-Id: I95fcb3e2004700d5cf8e5ee04943f0115b15e10d<br>---<br>M include/asterisk/http_websocket.h<br>M include/asterisk/iostream.h<br>M main/iostream.c<br>M res/res_http_websocket.c<br>M res/res_pjsip_transport_websocket.c<br>5 files changed, 51 insertions(+), 4 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/08/13508/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/include/asterisk/http_websocket.h b/include/asterisk/http_websocket.h</span><br><span>index 2180ef4..6fd2d0a 100644</span><br><span>--- a/include/asterisk/http_websocket.h</span><br><span>+++ b/include/asterisk/http_websocket.h</span><br><span>@@ -338,6 +338,20 @@</span><br><span> AST_OPTIONAL_API(int, ast_websocket_fd, (struct ast_websocket *session), { errno = ENOSYS; return -1;});</span><br><span> </span><br><span> /*!</span><br><span style="color: hsl(120, 100%, 40%);">+ * \brief Wait for the WebSocket session to be ready to be read.</span><br><span style="color: hsl(120, 100%, 40%);">+ * \since 16.8.0</span><br><span style="color: hsl(120, 100%, 40%);">+ * \since 17.2.0</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * \param session Pointer to the WebSocket session</span><br><span style="color: hsl(120, 100%, 40%);">+ * \param timeout the number of milliseconds to wait</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * \retval -1 if error occurred</span><br><span style="color: hsl(120, 100%, 40%);">+ * \retval 0 if the timeout expired</span><br><span style="color: hsl(120, 100%, 40%);">+ * \retval 1 if the WebSocket session is ready for reading</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+AST_OPTIONAL_API(int, ast_websocket_wait_for_input, (struct ast_websocket *session, int timeout), { errno = ENOSYS; return -1; });</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+/*!</span><br><span> * \brief Get the remote address for a WebSocket connected session.</span><br><span> *</span><br><span> * \retval ast_sockaddr Remote address</span><br><span>diff --git a/include/asterisk/iostream.h b/include/asterisk/iostream.h</span><br><span>index 17376ea..602fefb 100644</span><br><span>--- a/include/asterisk/iostream.h</span><br><span>+++ b/include/asterisk/iostream.h</span><br><span>@@ -127,6 +127,20 @@</span><br><span> int ast_iostream_get_fd(struct ast_iostream *stream);</span><br><span> </span><br><span> /*!</span><br><span style="color: hsl(120, 100%, 40%);">+ * \brief Wait for input on the iostream's file descriptor</span><br><span style="color: hsl(120, 100%, 40%);">+ * \since 16.8.0</span><br><span style="color: hsl(120, 100%, 40%);">+ * \since 17.2.0</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * \param stream A pointer to an iostream</span><br><span style="color: hsl(120, 100%, 40%);">+ * \param timeout the number of milliseconds to wait</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * \retval -1 if error occurred</span><br><span style="color: hsl(120, 100%, 40%);">+ * \retval 0 if the timeout expired</span><br><span style="color: hsl(120, 100%, 40%);">+ * \retval 1 if the stream is ready for reading</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+int ast_iostream_wait_for_input(struct ast_iostream *stream, int timeout);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+/*!</span><br><span> * \brief Make an iostream non-blocking.</span><br><span> *</span><br><span> * \param stream A pointer to an iostream</span><br><span>diff --git a/main/iostream.c b/main/iostream.c</span><br><span>index 15131c0..d060b6d 100644</span><br><span>--- a/main/iostream.c</span><br><span>+++ b/main/iostream.c</span><br><span>@@ -86,6 +86,20 @@</span><br><span> return stream->fd;</span><br><span> }</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+int ast_iostream_wait_for_input(struct ast_iostream *stream, int timeout)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+#if defined(DO_SSL)</span><br><span style="color: hsl(120, 100%, 40%);">+ /* Because SSL is read in blocks, it's possible that the last time we read we</span><br><span style="color: hsl(120, 100%, 40%);">+ got more than we asked for and it is now buffered inside OpenSSL. If that</span><br><span style="color: hsl(120, 100%, 40%);">+ is the case, calling ast_wait_for_input() will block until the fd is ready</span><br><span style="color: hsl(120, 100%, 40%);">+ for reading again, which might never happen. */</span><br><span style="color: hsl(120, 100%, 40%);">+ if (stream->ssl && SSL_pending(stream->ssl)) {</span><br><span style="color: hsl(120, 100%, 40%);">+ return 1;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+#endif</span><br><span style="color: hsl(120, 100%, 40%);">+ return ast_wait_for_input(stream->fd, timeout);</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> void ast_iostream_nonblock(struct ast_iostream *stream)</span><br><span> {</span><br><span> ast_fd_set_flags(stream->fd, O_NONBLOCK);</span><br><span>diff --git a/res/res_http_websocket.c b/res/res_http_websocket.c</span><br><span>index e79066b..63fccdd 100644</span><br><span>--- a/res/res_http_websocket.c</span><br><span>+++ b/res/res_http_websocket.c</span><br><span>@@ -427,6 +427,11 @@</span><br><span> return session->closing ? -1 : ast_iostream_get_fd(session->stream);</span><br><span> }</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+int AST_OPTIONAL_API_NAME(ast_websocket_wait_for_input)(struct ast_websocket *session, int timeout)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+ return session->closing ? -1 : ast_iostream_wait_for_input(session->stream, timeout);</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> struct ast_sockaddr * AST_OPTIONAL_API_NAME(ast_websocket_remote_address)(struct ast_websocket *session)</span><br><span> {</span><br><span> return &session->remote_address;</span><br><span>@@ -545,8 +550,8 @@</span><br><span> break;</span><br><span> }</span><br><span> }</span><br><span style="color: hsl(0, 100%, 40%);">- if (ast_wait_for_input(ast_iostream_get_fd(session->stream), 1000) < 0) {</span><br><span style="color: hsl(0, 100%, 40%);">- ast_log(LOG_ERROR, "ast_wait_for_input returned err: %s\n", strerror(errno));</span><br><span style="color: hsl(120, 100%, 40%);">+ if (ast_iostream_wait_for_input(session->stream, 1000) < 0) {</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_log(LOG_ERROR, "ast_iostream_wait_for_input returned err: %s\n", strerror(errno));</span><br><span> *opcode = AST_WEBSOCKET_OPCODE_CLOSE;</span><br><span> session->closing = 1;</span><br><span> ao2_unlock(session);</span><br><span>@@ -974,7 +979,7 @@</span><br><span> goto end;</span><br><span> }</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- while ((res = ast_wait_for_input(ast_websocket_fd(session), -1)) > 0) {</span><br><span style="color: hsl(120, 100%, 40%);">+ while ((res = ast_websocket_wait_for_input(session, -1)) > 0) {</span><br><span> char *payload;</span><br><span> uint64_t payload_len;</span><br><span> enum ast_websocket_opcode opcode;</span><br><span>diff --git a/res/res_pjsip_transport_websocket.c b/res/res_pjsip_transport_websocket.c</span><br><span>index 6383f68..4f47a8c 100644</span><br><span>--- a/res/res_pjsip_transport_websocket.c</span><br><span>+++ b/res/res_pjsip_transport_websocket.c</span><br><span>@@ -392,7 +392,7 @@</span><br><span> transport = create_data.transport;</span><br><span> read_data.transport = transport;</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- while (ast_wait_for_input(ast_websocket_fd(session), -1) > 0) {</span><br><span style="color: hsl(120, 100%, 40%);">+ while (ast_websocket_wait_for_input(session, -1) > 0) {</span><br><span> enum ast_websocket_opcode opcode;</span><br><span> int fragmented;</span><br><span> </span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.asterisk.org/c/asterisk/+/13508">change 13508</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.asterisk.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.asterisk.org/c/asterisk/+/13508"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: 16 </div>
<div style="display:none"> Gerrit-Change-Id: I95fcb3e2004700d5cf8e5ee04943f0115b15e10d </div>
<div style="display:none"> Gerrit-Change-Number: 13508 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: Sean Bright <sean.bright@gmail.com> </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>