Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Initialisation of _socketIndex in SSLManager (OpenSSL) #4134

Closed
sudheerhebbale opened this issue Sep 1, 2023 · 7 comments
Closed

Initialisation of _socketIndex in SSLManager (OpenSSL) #4134

sudheerhebbale opened this issue Sep 1, 2023 · 7 comments
Assignees
@obiltschnig
Labels
bug fixed
Milestone
Release 1.12.5

Comments

@sudheerhebbale
Copy link

sudheerhebbale commented Sep 1, 2023
edited

The class SSLManager (NetSSL_OpenSSL/include/Poco/Net/SSLManager.h) declares a variable _socketIndex, the value of which is used in SecureSocketImpl to store and retrieve application data in SSL*

This is not initialized and can lead to errors.

It should be initialized using the function SSL_get_ex_new_index in the constructor.
@micheleselea
Copy link
Contributor

In current version of PocoLib the index is _contextIndex and in constructor

SSLManager::SSLManager():
	_contextIndex(SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL))
{
}

so probably you are talking about an old version?

@sudheerhebbale
Copy link
Author

I am talking about one more member _socketIndex, whose value is referred in SecureSocketImpl.cpp in order to store and retrieve user data in _pSSL (SSL*). This needs to be instantiated properly as well.

While _contextIndex is instantiated and referred in Context.cpp and SSLManager.cpp

@micheleselea
Copy link
Contributor

micheleselea commented Sep 12, 2023
edited

You are right is my code not alligned to 1.12.4
It looks like was changed the SecureSocketImpl::acceptSSL() to use that index, but in my code I'm not using that function, so we have to ask @obiltschnig @aleks-f if it's correct or is missing something because I don't see any _socketIndex initizalization

@micheleselea
Copy link
Contributor

micheleselea commented Sep 12, 2023
edited

Wait I found a strange thing.
If you select from github tag 1.12.4 you see the use of _socketIndex that is not initialized used in acceptSSL
but if you download https://pocoproject.org/releases/poco-1.12.4/poco-1.12.4-all.zip
you cannot find that _socketIndex and even acceptSSL() is different...
I'm confused...

@sudheerhebbale
Copy link
Author

I am referring to the master branch on github (https://github.com/pocoproject/poco master branch)

The definition of class member is in SSLManager.h (should be instantiated in SSLManager.cpp in the constructor). Value is referred in SecureSocketImpl.cpp

@micheleselea
Copy link
Contributor

Understand but the problem seems to be in the 1.12.4 tag to but not in the zip package that is strange because tag and zip should be the same.
The changes you refer to are on the github branches only not in the release zip (or gzip) package you can find on poco website

@sudheerhebbale
Copy link
Author

Well that may be one more issue to be fixed

@obiltschnig obiltschnig self-assigned this Oct 3, 2023
@obiltschnig obiltschnig added the bug label Oct 3, 2023
@obiltschnig obiltschnig added this to the Release 1.12.5 milestone Oct 3, 2023
obiltschnig added a commit that referenced this issue Oct 3, 2023
@obiltschnig
#4134: Initialisation of _socketIndex in SSLManager (OpenSSL)
c488681
@aleks-f aleks-f closed this as completed Oct 24, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@obiltschnig obiltschnig

Labels
bug fixed
Projects
None yet
Milestone
Release 1.12.5
Development

No branches or pull requests
4 participants
@obiltschnig @aleks-f @micheleselea @sudheerhebbale