Author: rjung Date: Thu Jan 24 15:20:49 2019 New Revision: 1852036 URL: http://svn.apache.org/viewvc?rev=1852036&view=rev Log: Fix crashes due to duplicate pool destruction, once via the parent pool and once later via the Finalizer.
Crash is new in 1.2.20 due to the use of a new child pool to fix a memleak issue. Hopefully this fix here does not introduce a new memleak. Modified: tomcat/native/trunk/native/include/ssl_private.h tomcat/native/trunk/native/src/ssl.c tomcat/native/trunk/native/src/sslutils.c Modified: tomcat/native/trunk/native/include/ssl_private.h URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/include/ssl_private.h?rev=1852036&r1=1852035&r2=1852036&view=diff ============================================================================== --- tomcat/native/trunk/native/include/ssl_private.h (original) +++ tomcat/native/trunk/native/include/ssl_private.h Thu Jan 24 15:20:49 2019 @@ -360,13 +360,16 @@ typedef struct { /* * Additional Functions */ -void SSL_init_app_data2_3_idx(void); +void SSL_init_app_data_idx(void); /* The app_data2 is used to store the tcn_ssl_ctxt_t pointer for the SSL instance. */ void *SSL_get_app_data2(SSL *); void SSL_set_app_data2(SSL *, void *); /* The app_data3 is used to store the handshakeCount pointer for the SSL instance. */ void *SSL_get_app_data3(const SSL *); void SSL_set_app_data3(SSL *, void *); +/* The app_data4 is used to store the destroyCount pointer for the SSL instance. */ +void *SSL_get_app_data4(const SSL *); +void SSL_set_app_data4(SSL *, void *); int SSL_password_prompt(tcn_pass_cb_t *); int SSL_password_callback(char *, int, int, void *); void SSL_BIO_close(BIO *); Modified: tomcat/native/trunk/native/src/ssl.c URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/ssl.c?rev=1852036&r1=1852035&r2=1852036&view=diff ============================================================================== --- tomcat/native/trunk/native/src/ssl.c (original) +++ tomcat/native/trunk/native/src/ssl.c Thu Jan 24 15:20:49 2019 
@@ -822,8 +822,8 @@ TCN_IMPLEMENT_CALL(jint, SSL, initialize * low entropy seed. */ SSL_rand_seed(NULL); - /* For SSL_get_app_data2() and SSL_get_app_data3() at request time */ - SSL_init_app_data2_3_idx(); + /* For SSL_get_app_data2(), SSL_get_app_data3() and SSL_get_app_data4() at request time */ + SSL_init_app_data_idx(); init_dh_params(); #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) @@ -1273,11 +1273,27 @@ static void ssl_info_callback(const SSL } } +static apr_status_t ssl_con_pool_cleanup(void *data) +{ + SSL *ssl = (SSL*) data; + int *destroyCount; + + TCN_ASSERT(ssl != 0); + + destroyCount = SSL_get_app_data4(ssl); + if (destroyCount != NULL) { + ++(*destroyCount); + } + + return APR_SUCCESS; +} + TCN_IMPLEMENT_CALL(jlong /* SSL * */, SSL, newSSL)(TCN_STDARGS, jlong ctx /* tcn_ssl_ctxt_t * */, jboolean server) { tcn_ssl_ctxt_t *c = J2P(ctx, tcn_ssl_ctxt_t *); int *handshakeCount = malloc(sizeof(int)); + int *destroyCount = malloc(sizeof(int)); SSL *ssl; apr_pool_t *p = NULL; tcn_ssl_conn_t *con; @@ -1289,6 +1305,7 @@ TCN_IMPLEMENT_CALL(jlong /* SSL * */, SS ssl = SSL_new(c->ctx); if (ssl == NULL) { free(handshakeCount); + free(destroyCount); tcn_ThrowException(e, "cannot create new ssl"); return 0; } @@ -1296,6 +1313,7 @@ TCN_IMPLEMENT_CALL(jlong /* SSL * */, SS apr_pool_create(&p, c->pool); if (p == NULL) { free(handshakeCount); + free(destroyCount); SSL_free(ssl); tcn_ThrowAPRException(e, apr_get_os_error()); return 0; @@ -1303,6 +1321,7 @@ TCN_IMPLEMENT_CALL(jlong /* SSL * */, SS if ((con = apr_pcalloc(p, sizeof(tcn_ssl_conn_t))) == NULL) { free(handshakeCount); + free(destroyCount); SSL_free(ssl); apr_pool_destroy(p); tcn_ThrowAPRException(e, apr_get_os_error()); 
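Review bot: The new `int *destroyCount = malloc(sizeof(int));` at the top of newSSL (hunk @@ -1273) is never checked for NULL, and the `*destroyCount = 0;` store added in the @@ -1317 hunk dereferences it unconditionally, so an allocation failure becomes a native crash inside the JVM instead of a Java exception. The error paths in the @@ -1289, @@ -1296 and @@ -1303 hunks already free both counters, so a guard before the `SSL_new(c->ctx)` call fits the existing pattern: `if (handshakeCount == NULL || destroyCount == NULL) { free(handshakeCount); free(destroyCount); tcn_ThrowException(e, "cannot allocate counters"); return 0; }`. The pre-existing handshakeCount allocation has the same gap. newSSL's body continues outside this hunk.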
@@ -1317,6 +1336,10 @@ TCN_IMPLEMENT_CALL(jlong /* SSL * */, SS *handshakeCount = 0; SSL_set_app_data3(ssl, handshakeCount); + /* Store the destroyCount in the SSL instance. */ + *destroyCount = 0; + SSL_set_app_data4(ssl, destroyCount); + /* Add callback to keep track of handshakes. */ SSL_CTX_set_info_callback(c->ctx, ssl_info_callback); @@ -1333,6 +1356,11 @@ TCN_IMPLEMENT_CALL(jlong /* SSL * */, SS /* Store for later usage in SSL_callback_SSL_verify */ SSL_set_app_data2(ssl, c); SSL_set_app_data(ssl, con); + /* Register cleanup that prevent double destruction */ + apr_pool_cleanup_register(con->pool, (const void *)ssl, + ssl_con_pool_cleanup, + apr_pool_cleanup_null); + return P2J(ssl); } @@ -1430,15 +1458,21 @@ TCN_IMPLEMENT_CALL(void, SSL, freeSSL)(T jlong ssl /* SSL * */) { SSL *ssl_ = J2P(ssl, SSL *); int *handshakeCount = SSL_get_app_data3(ssl_); + int *destroyCount = SSL_get_app_data4(ssl_); tcn_ssl_conn_t *con = SSL_get_app_data(ssl_); UNREFERENCED_STDARGS; + if (destroyCount != NULL) { + if (*destroyCount == 0) { + apr_pool_destroy(con->pool); + } + free(destroyCount); + } if (handshakeCount != NULL) { free(handshakeCount); } SSL_free(ssl_); - apr_pool_destroy(con->pool); } /* Make a BIO pair (network and internal) for the provided SSL * and return the network BIO */ Modified: tomcat/native/trunk/native/src/sslutils.c URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslutils.c?rev=1852036&r1=1852035&r2=1852036&view=diff ============================================================================== --- tomcat/native/trunk/native/src/sslutils.c (original) +++ tomcat/native/trunk/native/src/sslutils.c Thu Jan 24 15:20:49 2019 @@ -52,8 +52,9 @@ static int ssl_ocsp_request(X509 *cert, */ static int SSL_app_data2_idx = -1; static int SSL_app_data3_idx = -1; +static int SSL_app_data4_idx = -1; -void SSL_init_app_data2_3_idx(void) +void SSL_init_app_data_idx(void) { int i; 
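Review bot: After the parent pool has run `ssl_con_pool_cleanup`, the `con` pointer stored just above with `SSL_set_app_data(ssl, con)` (hunk @@ -1333) points into memory of a destroyed pool, presumably the child pool `p` it was allocated from, yet the SSL object keeps handing it out until freeSSL runs. freeSSL in this commit only dereferences `con` when `*destroyCount == 0`, so that path is safe; any other reader of `SSL_get_app_data()` in that window (not visible in this diff) would not be. Consider clearing it in the cleanup with `SSL_set_app_data(ssl, NULL);` after the counter is incremented, provided those readers tolerate NULL. The registration comment would also read better as `/* Register a cleanup that records destruction of con->pool via the parent pool, so freeSSL() does not destroy it again */`.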
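Review bot: In freeSSL (hunk @@ -1430) the `*destroyCount == 0` test followed by `apr_pool_destroy(con->pool)` is an unsynchronized check-then-act on a plain `int` that `ssl_con_pool_cleanup` increments when the parent pool is destroyed. The log says freeSSL is reached from the Finalizer; if parent-pool destruction can run on another thread at the same time (not visible here), both paths could still destroy the pool. If callers already serialize the two, state that above the new block: `/* Caller must ensure the parent pool is not destroyed concurrently; destroyCount is not synchronized */`.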
@@ -78,6 +79,15 @@ void SSL_init_app_data2_3_idx(void) "Third Application Data for SSL", NULL, NULL, NULL); + if (SSL_app_data4_idx > -1) { + return; + } + + SSL_app_data4_idx = + SSL_get_ex_new_index(0, + "Fourth Application Data for SSL", + NULL, NULL, NULL); + } void *SSL_get_app_data2(SSL *ssl) @@ -102,6 +112,16 @@ void SSL_set_app_data3(SSL *ssl, void *a SSL_set_ex_data(ssl, SSL_app_data3_idx, arg); } +void *SSL_get_app_data4(const SSL *ssl) +{ + return SSL_get_ex_data(ssl, SSL_app_data4_idx); +} + +void SSL_set_app_data4(SSL *ssl, void *arg) +{ + SSL_set_ex_data(ssl, SSL_app_data4_idx, arg); +} + /* Simple echo password prompting */ int SSL_password_prompt(tcn_pass_cb_t *data) { --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
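Review bot: A failed `SSL_get_ex_new_index()` leaves `SSL_app_data4_idx` at -1 in the block added by hunk @@ -78, and nothing reports it: `SSL_set_app_data4()` in the @@ -102 hunk discards the return value of `SSL_set_ex_data()`. `SSL_get_app_data4()` would then presumably return NULL, and the freeSSL change in ssl.c would skip both `apr_pool_destroy(con->pool)` and `free(destroyCount)`, quietly bringing back a per-connection leak. Since the function returns void, the least invasive step is a comment next to the index, e.g. `/* If index allocation fails, SSL_get_app_data4() yields NULL and freeSSL() will not destroy the connection pool */`. The app_data3 index visible in the context lines appears to follow the same unchecked pattern. SSL_init_app_data_idx begins outside this hunk.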