Merge branch 'artem-tls-doh-listeners-avoid-acessing-non-atomic-flags-on-handshake-or-accept' into 'main'

TLS and DoH: Avoid accessing non-atomic listener socket flags during HS/when accepting a caonnection See merge request isc-projects/bind9!7155
2022-12-02 11:18:56 +00:00
parent fc991fa79d 8b7e123528
commit 69db33e7a5
2 changed files with 28 additions and 5 deletions
--- a/lib/isc/netmgr/http.c
+++ b/lib/isc/netmgr/http.c
@@ -2459,7 +2459,9 @@ httplisten_acceptcb(isc_nmhandle_t *handle, isc_result_t result, void *cbarg) {
 	 * function gets invoked, so we need to do extra sanity checks to
 	 * detect this case.
 	 */
-	if (isc__nmsocket_closing(handle->sock) || httpserver == NULL) {
+	if (isc__nm_closing(handle->sock->worker)) {
+		return (ISC_R_SHUTTINGDOWN);
+	} else if (isc__nmsocket_closing(handle->sock) || httpserver == NULL) {
 		return (ISC_R_CANCELED);
 	}

@@ -2471,9 +2473,7 @@ httplisten_acceptcb(isc_nmhandle_t *handle, isc_result_t result, void *cbarg) {
 	REQUIRE(VALID_NMSOCK(httplistensock));
 	INSIST(httplistensock == httpserver);

-	if (isc__nmsocket_closing(httplistensock) ||
-	    !atomic_load(&httplistensock->listening))
-	{
+	if (atomic_load(&httplistensock->closing)) {
 		return (ISC_R_CANCELED);
 	}

--- a/lib/isc/netmgr/tlsstream.c
+++ b/lib/isc/netmgr/tlsstream.c
@@ -351,7 +351,30 @@ tls_try_handshake(isc_nmsocket_t *sock, isc_result_t *presult) {
 		tlshandle = isc__nmhandle_get(sock, &sock->peer, &sock->iface);
 		tls_read_stop(sock);
 		if (sock->tlsstream.server) {
-			if (isc__nmsocket_closing(sock->listener)) {
+			/*
+			 * We need to check for 'sock->listener->closing' to
+			 * make sure that we are not breaking the contract by
+			 * calling an accept callback after the listener socket
+			 * was shot down. Also, in this case the accept callback
+			 * can be 'NULL'. That can happen as calling the accept
+			 * callback in TLS is deferred until handshake is done.
+			 * There is a possibility for that to happen *after* the
+			 * underlying TCP connection was accepted. That is, a
+			 * situation possible when the underlying TCP connection
+			 * was accepted, handshake related data transmission
+			 * took place, but in the middle of that the socket is
+			 * being shot down before the TLS accept callback could
+			 * have been called.
+			 *
+			 * Also see 'isc__nmsocket_stop()' - the function used
+			 * to shut down the listening TLS socket - for more
+			 * details.
+			 */
+			if (isc__nm_closing(sock->worker)) {
+				result = ISC_R_SHUTTINGDOWN;
+			} else if (isc__nmsocket_closing(sock) ||
+				   atomic_load(&sock->listener->closing))
+			{
 				result = ISC_R_CANCELED;
 			} else {
 				result = sock->listener->accept_cb(