
Fixed bug at connection time that could lead to exhausting connections and threads.

There was no timeout for gnuTLS, and listenfd was not cleared when gnuTLS connections failed.
commit ffa6098eb31508bd09f11ba569fda726b13b0a38 1 parent 7d16b69
@davidmoreno authored
Showing with 15 additions and 1 deletion.
  1. +1 −0  examples/oterm/oterm.c
  2. +14 −1 src/onion/onion.c
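--- a/examples/oterm/oterm.c
+++ b/examples/oterm/oterm.c
@@ -200,6 +200,7 @@ int main(int argc, char **argv){
 onion_set_port(o, port);
 onion_set_hostname(o, serverip);
+ onion_set_timeout(o,5000);
 signal(SIGINT, free_onion);
 signal(SIGPIPE, SIG_IGN);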
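--- a/src/onion/onion.c
+++ b/src/onion/onion.c
@@ -679,10 +679,21 @@ static int onion_accept_request(onion *o){
 char address[64];
 int clientfd=accept4(o->listenfd, (struct sockaddr *) &cli_addr, &clilen, SOCK_CLOEXEC);
- if (clientfd<0){
+
+ if (clientfd<0){
 ONION_ERROR("Error accepting connection: %s",strerror(errno));
 return -1;
 }
+
+ /// Thanks to Andrew Victor for pointing that without this client may block HTTPS connection. It could lead to DoS if occupies all connections.
+ {
+ struct timeval t;
+ t.tv_sec = o->timeout / 1000;
+ t.tv_usec = ( o->timeout % 1000 ) * 1000;
+
+ setsockopt(clientfd, SOL_SOCKET, SO_RCVTIMEO, &t, sizeof(struct timeval));
+ }
+
 if(SOCK_CLOEXEC == 0) { // Good compiler know how to cut this out
 int flags=fcntl(clientfd, F_GETFD);
 if (flags==-1){
@@ -700,6 +711,8 @@ static int onion_accept_request(onion *o){
 if (o->flags&O_POLL){
 onion_request *req=onion_connection_start(o, clientfd, address);
 if (!req){
+ shutdown(clientfd,SHUT_RDWR); // Socket must be destroyed.
+ close(clientfd);
 return 0;
 }
 onion_poller_slot *slot=onion_poller_slot_new(clientfd, (void*)onion_connection_read, req);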
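Review bot: The `setsockopt(clientfd, SOL_SOCKET, SO_RCVTIMEO, ...)` call added in the first hunk of onion_accept_request ignores its return value, so if it fails the connection is served with no receive timeout and the connection-exhaustion problem this commit addresses comes back silently. Check the result and log it with the macro already used just above, e.g. `if (setsockopt(clientfd, SOL_SOCKET, SO_RCVTIMEO, &t, sizeof(t)) < 0) ONION_ERROR("Error setting receive timeout: %s", strerror(errno));`. A zero `o->timeout` produces an all-zero timeval, which for SO_RCVTIMEO means no timeout at all, and a negative value gives negative fields; the range of `o->timeout` is not visible here, so confirm it is validated where it is set. Only the receive direction is bounded, so a peer that stops reading can presumably still stall a blocking write; consider setting SO_SNDTIMEO as well. The function body starts and ends outside both hunks, and the `shutdown`/`close` cleanup in the second hunk covers only the `O_POLL` branch visible here.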