Race condition in SSL socket server #2716
Closed
There were a couple of reports about crashes related to the SSL socket. In the investigation, we found a silly bug in the SSL socket server code: the configured group lock is not applied to the underlying socket (active socket), so a race condition may happen between callback and destroy.
Also, the call stack in one report points to the certificate verification callback (verify_cb() function), which may also be caused by the above bug or something else (e.g. the OpenSSL application data index acquired via SSL_get_ex_new_index() somehow gets corrupted), so this PR also addresses the issue by adding a normal validation check of the SSL socket instance (was only an assertion).
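The callback/destroy race described above, as an added example that is not code from this PR or from the project: a single-threaded model of a reference-counted group lock in which a close arrives in the middle of an I/O callback. All type and function names (`grp_lock`, `ssl_sock`, `on_data_read`, `run_scenario`) are hypothetical, and the model assumes socket state is torn down when the last lock reference is dropped.

```c
#include <stdio.h>

/* Simplified model of a reference-counted group lock.
 * All names are hypothetical; this is not the project's API. */
typedef struct { int refs; } grp_lock;

typedef struct {
    grp_lock  own;          /* lock configured on the SSL socket */
    grp_lock *io_lock;      /* lock the underlying active socket uses, or NULL */
    int       freed;        /* set when the SSL socket state is torn down */
    int       stale_access; /* callback touched state after teardown */
} ssl_sock;

static void lock_add_ref(grp_lock *l) { l->refs++; }

/* Assumption of the model: state is released when the last reference goes. */
static void lock_dec_ref(grp_lock *l, ssl_sock *s) {
    if (--l->refs == 0) s->freed = 1;
}

/* Application closes the socket: drops the owner's reference. */
static void ssl_sock_close(ssl_sock *s) { lock_dec_ref(&s->own, s); }

/* I/O callback from the active socket. close_during_cb models another
 * thread closing the socket while the callback is still running. */
static void on_data_read(ssl_sock *s, int close_during_cb) {
    if (s->io_lock) lock_add_ref(s->io_lock);  /* pin state for the callback */
    if (close_during_cb) ssl_sock_close(s);
    if (s->freed) s->stale_access = 1;         /* would be a use-after-free */
    if (s->io_lock) lock_dec_ref(s->io_lock, s);
}

/* Returns 1 if the callback touched torn-down state. */
int run_scenario(int apply_grp_lock) {
    ssl_sock s = { {1}, NULL, 0, 0 };
    if (apply_grp_lock) s.io_lock = &s.own;    /* share the configured lock */
    on_data_read(&s, 1);
    return s.stale_access;
}

/* Returns 1 if state is still released once the callback drops its ref. */
int freed_after_callback(void) {
    ssl_sock s = { {1}, NULL, 0, 0 };
    s.io_lock = &s.own;
    on_data_read(&s, 1);
    return s.freed;
}

int main(void) {
    printf("lock not applied to active socket: stale=%d\n", run_scenario(0));
    printf("lock applied to active socket:     stale=%d\n", run_scenario(1));
    return 0;
}
```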