Proper global init/deinit of GnuTLS
These are reference counted so it is important to retain symmetry
between the calls. Failure to do so will result in bad memory access
and crashes.
CendioOssman committed Aug 23, 2016
1 parent 1f1786f commit 8aa4bc5
Showing 4 changed files with 10 additions and 33 deletions.
19 changes: 5 additions & 14 deletions common/rfb/CSecurityTLS.cxx
Expand Up @@ -67,21 +67,14 @@ StringParameter CSecurityTLS::X509CRL("X509CRL", "X509 CRL file", "", ConfViewer

static LogWriter vlog("TLS");

void CSecurityTLS::initGlobal()
{
static bool globalInitDone = false;

if (!globalInitDone) {
gnutls_global_init();
globalInitDone = true;
}
}

CSecurityTLS::CSecurityTLS(bool _anon) : session(0), anon_cred(0),
anon(_anon), fis(0), fos(0)
{
cafile = X509CA.getData();
crlfile = X509CRL.getData();

if (gnutls_global_init() != GNUTLS_E_SUCCESS)
throw AuthFailureException("gnutls_global_init failed");
}

void CSecurityTLS::setDefaults()
Expand Down Expand Up @@ -125,8 +118,6 @@ void CSecurityTLS::shutdown(bool needbye)
if (session) {
gnutls_deinit(session);
session = 0;

gnutls_global_deinit();
}
}

Expand All @@ -142,6 +133,8 @@ CSecurityTLS::~CSecurityTLS()

delete[] cafile;
delete[] crlfile;

gnutls_global_deinit();
}

bool CSecurityTLS::processMsg(CConnection* cc)
Expand All @@ -150,8 +143,6 @@ bool CSecurityTLS::processMsg(CConnection* cc)
rdr::OutStream* os = cc->getOutStream();
client = cc;

initGlobal();

if (!session) {
if (!is->checkNoWait(1))
return false;
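Review bot: If `gnutls_global_init()` fails in the new CSecurityTLS constructor, the exception is thrown after `cafile` and `crlfile` have already been assigned from `getData()`. The destructor, which holds the matching `delete[]` calls, never runs for a partially constructed object, so both buffers appear to leak on that path. Moving the check to the top of the constructor body, before `cafile = X509CA.getData();`, removes the need for any cleanup when init fails. The SSecurityTLS constructor in common/rfb/SSecurityTLS.cxx has the same ordering with `certfile` and `keyfile`.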
2 changes: 0 additions & 2 deletions common/rfb/CSecurityTLS.h
Expand Up @@ -62,8 +62,6 @@ namespace rfb {
CConnection *client;

private:
static void initGlobal();

gnutls_session_t session;
gnutls_anon_client_credentials_t anon_cred;
gnutls_certificate_credentials_t cert_cred;
20 changes: 5 additions & 15 deletions common/rfb/SSecurityTLS.cxx
Expand Up @@ -48,23 +48,15 @@ StringParameter SSecurityTLS::X509_KeyFile

static LogWriter vlog("TLS");

void SSecurityTLS::initGlobal()
{
static bool globalInitDone = false;

if (!globalInitDone) {
if (gnutls_global_init() != GNUTLS_E_SUCCESS)
throw AuthFailureException("gnutls_global_init failed");
globalInitDone = true;
}
}

SSecurityTLS::SSecurityTLS(bool _anon) : session(0), dh_params(0),
anon_cred(0), cert_cred(0),
anon(_anon), fis(0), fos(0)
{
certfile = X509_CertFile.getData();
keyfile = X509_KeyFile.getData();

if (gnutls_global_init() != GNUTLS_E_SUCCESS)
throw AuthFailureException("gnutls_global_init failed");
}

void SSecurityTLS::shutdown()
Expand Down Expand Up @@ -94,8 +86,6 @@ void SSecurityTLS::shutdown()
if (session) {
gnutls_deinit(session);
session = 0;

gnutls_global_deinit();
}
}

Expand All @@ -111,6 +101,8 @@ SSecurityTLS::~SSecurityTLS()

delete[] keyfile;
delete[] certfile;

gnutls_global_deinit();
}

bool SSecurityTLS::processMsg(SConnection *sc)
Expand All @@ -121,8 +113,6 @@ bool SSecurityTLS::processMsg(SConnection *sc)
vlog.debug("Process security message (session %p)", session);

if (!session) {
initGlobal();

if (gnutls_init(&session, GNUTLS_SERVER) != GNUTLS_E_SUCCESS)
throw AuthFailureException("gnutls_init failed");

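Review bot: The init/deinit symmetry now depends on every SSecurityTLS object passing through this constructor exactly once, but nothing visible here prevents a compiler-generated copy constructor or assignment. A copy would never call `gnutls_global_init()` yet would still run `gnutls_global_deinit()` in `~SSecurityTLS()`. That would bring back the unbalanced deinit the commit message warns about, together with a double `delete[]` of `keyfile` and `certfile`. Whether the class is ever copied is not visible in this diff; declaring `SSecurityTLS(const SSecurityTLS&);` and `SSecurityTLS& operator=(const SSecurityTLS&);` private and unimplemented in SSecurityTLS.h would enforce the invariant, and the same applies to CSecurityTLS. The destructor body starts outside the hunk, so the ordering of `gnutls_global_deinit()` relative to session and credential teardown cannot be confirmed from here.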
2 changes: 0 additions & 2 deletions common/rfb/SSecurityTLS.h
Expand Up @@ -54,8 +54,6 @@ namespace rfb {
void setParams(gnutls_session_t session);

private:
static void initGlobal();

gnutls_session_t session;
gnutls_dh_params_t dh_params;
gnutls_anon_server_credentials_t anon_cred;
