tls: fix locking issues

OpenSIPS · Sep 30, 2015 · ff5ab68 · ff5ab68
1 parent b419b56
commit ff5ab68
Show file tree

Hide file tree

Showing 5 changed files with 51 additions and 20 deletions.
diff --git a/modules/proto_tls/proto_tls.c b/modules/proto_tls/proto_tls.c
@@ -227,7 +227,6 @@ static int tls_conn_init(struct tcp_connection* c)
 		LM_DBG("looking up socket based TLS server "
 			"domain [%s:%d]\n", ip_addr2a(&c->rcv.dst_ip), c->rcv.dst_port);
 		dom = tls_mgm_api.find_server_domain(&c->rcv.dst_ip, c->rcv.dst_port);
-		tls_mgm_api.acquire_domain(dom);
 		if (dom) {
 			LM_DBG("found socket based TLS server domain "
 				"[%s:%d]\n", ip_addr2a(&dom->addr), dom->port);
@@ -242,7 +241,6 @@ static int tls_conn_init(struct tcp_connection* c)
 		c->proto_flags = F_TLS_DO_CONNECT;
 
 		dom = tls_mgm_api.find_client_domain(&c->rcv.src_ip, c->rcv.src_port);
-		tls_mgm_api.acquire_domain(dom);
 		if (dom) {
 			c->extra_data = SSL_new(dom->ctx);
 			tls_mgm_api.release_domain(dom);

diff --git a/modules/tls_mgm/tls_domain.c b/modules/tls_mgm/tls_domain.c
@@ -48,28 +48,27 @@ rw_lock_t *dom_lock;
 struct tls_domain *tls_find_domain_by_id( str *id)
 {
 	struct tls_domain *d;
-	lock_start_read(dom_lock);
+	if (tls_db_enabled)
+		lock_start_read(dom_lock);
 	for (d=tls_server_domains ; d ; d=d->next ) {
-		if (id->len==d->id.len && memcmp(id->s,d->id.s,id->len)==0)
+		if (id->len==d->id.len && memcmp(id->s,d->id.s,id->len)==0) {
+			if (tls_db_enabled)
+				lock_stop_read(dom_lock);
 			return d;
+		}
 	}
 	for (d=tls_client_domains ; d ; d=d->next ) {
-		if (id->len==d->id.len && memcmp(id->s,d->id.s,id->len)==0)
+		if (id->len==d->id.len && memcmp(id->s,d->id.s,id->len)==0) {
+			if (tls_db_enabled)
+				lock_stop_read(dom_lock);
 			return d;
+		}
 	}
-	lock_stop_read(dom_lock);
+	if (tls_db_enabled)
+		lock_stop_read(dom_lock);
 	return NULL;
 }
 
-void tls_acquire_domain(struct tls_domain* dom)
-{
-	if (!dom || !tls_db_enabled || dom == &tls_default_server_domain ||
-		dom == &tls_default_client_domain)
-		return;
-	lock_start_write(dom_lock);
-	dom->refs++;
-	lock_stop_write(dom_lock);
-}
 
 void tls_release_domain_aux(struct tls_domain *dom)
 {
@@ -78,6 +77,8 @@ void tls_release_domain_aux(struct tls_domain *dom)
 		if (dom->name.s)
 			shm_free(dom->name.s);
 		SSL_CTX_free(dom->ctx);
+		lock_destroy(dom->lock);
+		lock_dealloc(dom->lock);
 		shm_free(dom);
 	}
 }
@@ -241,6 +242,12 @@ tls_find_server_domain(struct ip_addr *ip, unsigned short port)
 	while (p) {
 		if ((p->port == port) && ip_addr_cmp(&p->addr, ip)) {
 			LM_DBG("virtual TLS server domain found\n");
+			if (tls_db_enabled) {
+				lock_get(p->lock);
+				p->refs++;
+				lock_release(p->lock);
+				lock_stop_read(dom_lock);
+			}
 			return p;
 		}
 		p = p->next;
@@ -335,8 +342,17 @@ struct tls_domain *tls_find_client_domain(struct ip_addr *ip,
 			}
 		}
 	}
-	if (tls_db_enabled)
+
+	if (tls_db_enabled) {
+
+		if (dom && dom != &tls_default_client_domain) {
+			lock_get(dom->lock);
+			dom->refs++;
+			lock_release(dom->lock);
+		}
+
 		lock_stop_read(dom_lock);
+	}
 	return dom;
 }
 
@@ -434,7 +450,22 @@ struct tls_domain *tls_new_domain( str *id, int type)
 		LM_ERR("pkg memory allocation failure\n");
 		return 0;
 	}
+
 	memset( d, 0, sizeof(struct tls_domain));
+
+	d->lock = lock_alloc();
+
+	if (!d->lock){
+		LM_ERR("failed to allocate lock \n");
+		shm_free(d);
+		return 0;
+	}
+
+	if (lock_init(d->lock) == NULL) {
+		LM_ERR("Failed to init lock \n");
+		shm_free(d);
+		return 0;
+	}
 
 	d->id.s = (char*)(d+1);
 	d->id.len = id->len;

diff --git a/modules/tls_mgm/tls_domain.h b/modules/tls_mgm/tls_domain.h
@@ -123,9 +123,6 @@ struct tls_domain *tls_new_domain(str *id, int type);
  */
 void  tls_free_domains(void);
 
-void tls_acquire_domain(struct tls_domain* dom);
-
-
 void tls_release_domain(struct tls_domain* dom);
 
 void tls_release_all_domains(struct tls_domain* dom);

diff --git a/modules/tls_mgm/tls_helper.h b/modules/tls_mgm/tls_helper.h
@@ -9,6 +9,7 @@
 #define	TLS_HELPER_H
 
 #include "tls_config_helper.h"
+#include "../../locking.h"
 
 struct tls_domain {
 	str             id;
@@ -28,6 +29,7 @@ struct tls_domain {
 	char	       *ca_directory;
 	char           *ciphers_list;
         int             refs;
+        gen_lock_t     *lock;
 	enum tls_method method;
 	struct tls_domain *next;
 	str name;

diff --git a/modules/tls_mgm/tls_mgm.c b/modules/tls_mgm/tls_mgm.c
@@ -1363,12 +1363,16 @@ static void mod_destroy(void)
 	while (d) {
 		if (d->ctx)
 			SSL_CTX_free(d->ctx);
+		lock_destroy(d->lock);
+		lock_dealloc(d->lock);
 		d = d->next;
 	}
 	d = tls_client_domains;
 	while (d) {
 		if (d->ctx)
 			SSL_CTX_free(d->ctx);
+		lock_destroy(d->lock);
+		lock_dealloc(d->lock);
 		d = d->next;
 	}
 	if (tls_default_server_domain.ctx) {
@@ -1612,7 +1616,6 @@ static int load_tls_mgm(struct tls_mgm_binds *binds)
 	binds->find_client_domain = tls_find_client_domain;
 	binds->get_handshake_timeout = tls_get_handshake_timeout;
 	binds->get_send_timeout = tls_get_send_timeout;
-	binds->acquire_domain = tls_acquire_domain;
 	binds->release_domain = tls_release_domain;
 	/* everything ok*/
 	return 1;