fix(core): Fix issue on file descriptors where TLS packet is sent on …

…invalid file descriptor when reusing fd
Alinto · Nov 14, 2023 · 8ac29ca · 8ac29ca
1 parent 4cf26f5
commit 8ac29ca
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 15 deletions.
diff --git a/sope-appserver/NGObjWeb/WOWatchDogApplicationMain.m b/sope-appserver/NGObjWeb/WOWatchDogApplicationMain.m
@@ -443,6 +443,8 @@ - (void) receivedEvent: (void*)data
                                        type: ET_RDESC
                                     forMode: NSDefaultRunLoopMode
                                         all: YES];
+    /* valid descriptor, but not alive .. so we close the socket */
+    [controlSocket shutdown];
     [self setControlSocket: nil];
   }
 }

diff --git a/sope-core/NGStreams/NGActiveSSLSocket.m b/sope-core/NGStreams/NGActiveSSLSocket.m
@@ -413,12 +413,16 @@ - (BOOL)shutdown {
 
   if (self->session) {
     int ret;
-    LOOP_CHECK(ret, gnutls_bye((gnutls_session_t)self->session, GNUTLS_SHUT_RDWR));
+    if (NGInvalidSocketDescriptor != self->fd) {
+      LOOP_CHECK(ret, gnutls_bye((gnutls_session_t)self->session, GNUTLS_SHUT_RDWR));
+    }
     gnutls_deinit((gnutls_session_t) self->session);
     self->session = NULL;
   }
   if (self->cred) {
-    gnutls_certificate_free_credentials((gnutls_certificate_credentials_t) self->cred);
+    if (NGInvalidSocketDescriptor != self->fd) {
+      gnutls_certificate_free_credentials((gnutls_certificate_credentials_t) self->cred);
+    }
     self->cred = NULL;
   }
   return [super shutdown];
@@ -656,11 +660,13 @@ - (BOOL) startTLS
 
 - (BOOL)shutdown {
   if (self->ssl) {
-    int ret = SSL_shutdown(self->ssl);
-    // call shutdown a second time
-    if (ret == 0)
-      SSL_shutdown(self->ssl);
-    SSL_free(self->ssl);
+    if (NGInvalidSocketDescriptor != self->fd) {
+      int ret = SSL_shutdown(self->ssl);
+      // call shutdown a second time
+      if (ret == 0)
+        SSL_shutdown(self->ssl);
+      SSL_free(self->ssl);
+    }
     self->ssl = NULL;
   }
   if (self->ctx) {

diff --git a/sope-core/NGStreams/NGActiveSocket.m b/sope-core/NGStreams/NGActiveSocket.m
@@ -690,14 +690,6 @@ - (BOOL)isAlive {
   }
 
  notAlive:
-  /* valid descriptor, but not alive .. so we close the socket */
-#if defined(WIN32) && !defined(__CYGWIN32__)
-  closesocket(self->fd);
-#else
-  close(self->fd);
-#endif
-  self->fd = NGInvalidSocketDescriptor;
-  DESTROY(self->remoteAddress);
   return NO;
 }
 

diff --git a/sope-mime/NGImap4/NGImap4Client.m b/sope-mime/NGImap4/NGImap4Client.m
@@ -482,7 +482,9 @@ - (void)closeConnection {
   self->text = nil;
 
   NS_DURING
+    [self->socket shutdown];
     [self->socket close];
+    [self->previous_socket shutdown];
     [self->previous_socket close];
   NS_HANDLER
     [[self _handleSocketCloseException:localException] raise];