dnsdist: Release memory on DNS over TLS handshake failure #7060

merged 3 commits into from Oct 15, 2018
20 changes: 19 additions & 1 deletion pdns/dnsdistdist/tcpiohandler.cc
Expand Up @@ -246,19 +246,30 @@ class OpenSSLTLSConnection: public TLSConnection
}

if (!SSL_set_fd(d_conn, d_socket)) {
SSL_free(d_conn);
d_conn = nullptr;
throw std::runtime_error("Error assigning socket");
}

int res = 0;
do {
res = SSL_accept(d_conn);
if (res < 0) {
handleIORequest(res, timeout);
try {
handleIORequest(res, timeout);
}
catch(...) {
SSL_free(d_conn);
d_conn = nullptr;
throw;
}
}
}
while (res < 0);

if (res != 1) {
SSL_free(d_conn);
d_conn = nullptr;
throw std::runtime_error("Error accepting TLS connection");
}
}
Expand Down Expand Up @@ -407,17 +418,23 @@ class OpenSSLTLSIOCtx: public TLSCtx
for (const auto& pair : fe.d_certKeyPairs) {
if (SSL_CTX_use_certificate_chain_file(d_tlsCtx, pair.first.c_str()) != 1) {
ERR_print_errors_fp(stderr);
SSL_CTX_free(d_tlsCtx);
d_tlsCtx = nullptr;
throw std::runtime_error("Error loading certificate from " + pair.first + " for the TLS context on " + fe.d_addr.toStringWithPort());
}
if (SSL_CTX_use_PrivateKey_file(d_tlsCtx, pair.second.c_str(), SSL_FILETYPE_PEM) != 1) {
ERR_print_errors_fp(stderr);
SSL_CTX_free(d_tlsCtx);
d_tlsCtx = nullptr;
throw std::runtime_error("Error loading key from " + pair.second + " for the TLS context on " + fe.d_addr.toStringWithPort());
}
}

if (!fe.d_ciphers.empty()) {
if (SSL_CTX_set_cipher_list(d_tlsCtx, fe.d_ciphers.c_str()) != 1) {
ERR_print_errors_fp(stderr);
SSL_CTX_free(d_tlsCtx);
d_tlsCtx = nullptr;
throw std::runtime_error("Error setting the cipher list to '" + fe.d_ciphers + "' for the TLS context on " + fe.d_addr.toStringWithPort());
}
}
Expand All @@ -432,6 +449,7 @@ class OpenSSLTLSIOCtx: public TLSCtx
}
catch (const std::exception& e) {
SSL_CTX_free(d_tlsCtx);
d_tlsCtx = nullptr;
throw;
}
}
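Review bot: The new `SSL_free(d_conn); d_conn = nullptr;` pair is repeated at three throw sites in the connection constructor (the `SSL_set_fd` failure, the `catch(...)` wrapped around `handleIORequest`, and the `res != 1` check after the `SSL_accept` loop), and any exception raised between those sites by code the hunk does not show would still bypass the release; holding `d_conn` in a `std::unique_ptr<SSL, decltype(&SSL_free)>` frees it on every unwinding path without hand-written cleanup, and the same applies to the six `SSL_CTX_free(d_tlsCtx); d_tlsCtx = nullptr;` sites in the context constructor. Note that `SSL_free(NULL)` and `SSL_CTX_free(NULL)` are documented no-ops in OpenSSL, so the `= nullptr` assignments only matter if a destructor (not visible here) frees the handle a second time — presumably it does, and the smart pointer would make that safe by construction. The leak being fixed is reached by a remote peer that fails the TLS handshake, so it is a cheaply triggerable resource-exhaustion path rather than a cosmetic one; a comment at the loop such as `// every failure path must release the SSL object: a client that fails the handshake must not leak it` would record why the cleanup is mandatory. The constructor begins above the hunk, so the member declaration this relies on is outside the visible lines.
```cpp
// member: std::unique_ptr<SSL, decltype(&SSL_free)> d_conn{nullptr, &SSL_free};
if (!SSL_set_fd(d_conn.get(), d_socket)) {
  throw std::runtime_error("Error assigning socket"); // deleter releases d_conn
}

int res = 0;
do {
  res = SSL_accept(d_conn.get());
  if (res < 0) {
    handleIORequest(res, timeout); // may throw; unwinding releases d_conn
  }
}
while (res < 0);

if (res != 1) {
  throw std::runtime_error("Error accepting TLS connection");
}
```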