NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit5674460

committed

Fix error recovery for SSL_read/SSL_write calls.

1 parent76b45c9 commit5674460Copy full SHA for 5674460

File tree

2 files changed

+47

-23

lines changed

src
- backend/libpq
  - be-secure.c
- interfaces/libpq
  - fe-secure.c

2 files changed

+47

-23

lines changed

`‎src/backend/libpq/be-secure.c‎`

Lines changed: 24 additions & 18 deletions

Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,7 @@`
`11`	`11`	`*`
`12`	`12`	`*`
`13`	`13`	`* IDENTIFICATION`
`14`		`- * $Header: /cvsroot/pgsql/src/backend/libpq/be-secure.c,v 1.28 2003/03/29 05:00:15 momjian Exp $`
	`14`	`+ * $Header: /cvsroot/pgsql/src/backend/libpq/be-secure.c,v 1.29 2003/04/10 23:03:08 tgl Exp $`
`15`	`15`	`*`
`16`	`16`	`* Since the server static private key ($DataDir/server.key)`
`17`	`17`	`* will normally be stored unencrypted so that the database`
`@@ -276,21 +276,21 @@ secure_read(Port port, void ptr, size_t len)`
`276`	`276`	`#ifdefUSE_SSL`
`277`	`277`	`if (port->ssl)`
`278`	`278`	`{`
	`279`	`+rloop:`
`279`	`280`	`n=SSL_read(port->ssl,ptr,len);`
`280`	`281`	`switch (SSL_get_error(port->ssl,n))`
`281`	`282`	`{`
`282`	`283`	`caseSSL_ERROR_NONE:`
`283`	`284`	`port->count+=n;`
`284`	`285`	`break;`
`285`	`286`	`caseSSL_ERROR_WANT_READ:`
`286`		`-n=secure_read(port,ptr,len);`
`287`		`-break;`
`288`	`287`	`caseSSL_ERROR_WANT_WRITE:`
`289`		`-n=secure_write(port,ptr,len);`
`290`		`-break;`
	`288`	`+gotorloop;`
`291`	`289`	`caseSSL_ERROR_SYSCALL:`
`292`	`290`	`if (n==-1)`
`293`		`-elog(COMMERROR,"SSL SYSCALL error: %s",strerror(errno));`
	`291`	`+elog(COMMERROR,"SSL SYSCALL error: %m");`
	`292`	`+else`
	`293`	`+elog(COMMERROR,"SSL SYSCALL error: EOF detected");`
`294`	`294`	`break;`
`295`	`295`	`caseSSL_ERROR_SSL:`
`296`	`296`	`elog(COMMERROR,"SSL error: %s",SSLerrmessage());`
`@@ -300,6 +300,9 @@ secure_read(Port port, void ptr, size_t len)`
`300`	`300`	`errno=ECONNRESET;`
`301`	`301`	`n=-1;`
`302`	`302`	`break;`
	`303`	`+default:`
	`304`	`+elog(COMMERROR,"Unknown SSL error code");`
	`305`	`+break;`
`303`	`306`	`}`
`304`	`307`	`}`
`305`	`308`	`else`
`@@ -322,33 +325,33 @@ secure_write(Port port, void ptr, size_t len)`
`322`	`325`	`{`
`323`	`326`	`if (port->count>RENEGOTIATION_LIMIT)`
`324`	`327`	`{`
`325`		`-SSL_set_session_id_context(port->ssl, (void*)&SSL_context,sizeof(SSL_context));`
`326`		`-`
`327`		`-if (SSL_renegotiate(port->ssl) <=0)`
`328`		`-elog(COMMERROR,"SSL renegotiation failure");`
	`328`	`+SSL_set_session_id_context(port->ssl, (void*)&SSL_context,`
	`329`	`+sizeof(SSL_context));`
	`330`	`+if (SSL_renegotiate(port->ssl) <=0)`
	`331`	`+elog(COMMERROR,"SSL renegotiation failure");`
`329`	`332`	`if (SSL_do_handshake(port->ssl) <=0)`
`330`		`-elog(COMMERROR,"SSL renegotiation failure");`
`331`		`-port->ssl->state=SSL_ST_ACCEPT;`
	`333`	`+elog(COMMERROR,"SSL renegotiation failure");`
	`334`	`+port->ssl->state=SSL_ST_ACCEPT;`
`332`	`335`	`if (SSL_do_handshake(port->ssl) <=0)`
`333`		`-elog(COMMERROR,"SSL renegotiation failure");`
	`336`	`+elog(COMMERROR,"SSL renegotiation failure");`
`334`	`337`	`port->count=0;`
`335`	`338`	`}`
`336`	`339`
	`340`	`+wloop:`
`337`	`341`	`n=SSL_write(port->ssl,ptr,len);`
`338`	`342`	`switch (SSL_get_error(port->ssl,n))`
`339`	`343`	`{`
`340`	`344`	`caseSSL_ERROR_NONE:`
`341`	`345`	`port->count+=n;`
`342`	`346`	`break;`
`343`	`347`	`caseSSL_ERROR_WANT_READ:`
`344`		`-n=secure_read(port,ptr,len);`
`345`		`-break;`
`346`	`348`	`caseSSL_ERROR_WANT_WRITE:`
`347`		`-n=secure_write(port,ptr,len);`
`348`		`-break;`
	`349`	`+gotowloop;`
`349`	`350`	`caseSSL_ERROR_SYSCALL:`
`350`	`351`	`if (n==-1)`
`351`		`-elog(COMMERROR,"SSL SYSCALL error: %s",strerror(errno));`
	`352`	`+elog(COMMERROR,"SSL SYSCALL error: %m");`
	`353`	`+else`
	`354`	`+elog(COMMERROR,"SSL SYSCALL error: EOF detected");`
`352`	`355`	`break;`
`353`	`356`	`caseSSL_ERROR_SSL:`
`354`	`357`	`elog(COMMERROR,"SSL error: %s",SSLerrmessage());`
`@@ -358,6 +361,9 @@ secure_write(Port port, void ptr, size_t len)`
`358`	`361`	`errno=ECONNRESET;`
`359`	`362`	`n=-1;`
`360`	`363`	`break;`
	`364`	`+default:`
	`365`	`+elog(COMMERROR,"Unknown SSL error code");`
	`366`	`+break;`
`361`	`367`	`}`
`362`	`368`	`}`
`363`	`369`	`else`

`‎src/interfaces/libpq/fe-secure.c‎`

Lines changed: 23 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,7 @@`
`11`	`11`	`*`
`12`	`12`	`*`
`13`	`13`	`* IDENTIFICATION`
`14`		`- * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-secure.c,v 1.21 2003/02/03 22:33:51 tgl Exp $`
	`14`	`+ * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-secure.c,v 1.22 2003/04/10 23:03:08 tgl Exp $`
`15`	`15`	`*`
`16`	`16`	`* NOTES`
`17`	`17`	`* The client requires a valid server certificate. Since`
`@@ -266,19 +266,24 @@ pqsecure_read(PGconn conn, void ptr, size_t len)`
`266`	`266`	`#ifdefUSE_SSL`
`267`	`267`	`if (conn->ssl)`
`268`	`268`	`{`
	`269`	`+rloop:`
`269`	`270`	`n=SSL_read(conn->ssl,ptr,len);`
`270`	`271`	`switch (SSL_get_error(conn->ssl,n))`
`271`	`272`	`{`
`272`	`273`	`caseSSL_ERROR_NONE:`
`273`	`274`	`break;`
`274`	`275`	`caseSSL_ERROR_WANT_READ:`
`275`		`-n=pqsecure_read(conn,ptr,len);`
`276`		`-break;`
	`276`	`+caseSSL_ERROR_WANT_WRITE:`
	`277`	`+/* XXX to support nonblock I/O, we should return 0 here */`
	`278`	`+gotorloop;`
`277`	`279`	`caseSSL_ERROR_SYSCALL:`
`278`	`280`	`if (n==-1)`
`279`	`281`	`printfPQExpBuffer(&conn->errorMessage,`
`280`	`282`	`libpq_gettext("SSL SYSCALL error: %s\n"),`
`281`	`283`	`SOCK_STRERROR(SOCK_ERRNO));`
	`284`	`+else`
	`285`	`+printfPQExpBuffer(&conn->errorMessage,`
	`286`	`+libpq_gettext("SSL SYSCALL error: EOF detected\n"));`
`282`	`287`	`break;`
`283`	`288`	`caseSSL_ERROR_SSL:`
`284`	`289`	`printfPQExpBuffer(&conn->errorMessage,`
`@@ -289,6 +294,10 @@ pqsecure_read(PGconn conn, void ptr, size_t len)`
`289`	`294`	`SOCK_ERRNO=ECONNRESET;`
`290`	`295`	`n=-1;`
`291`	`296`	`break;`
	`297`	`+default:`
	`298`	`+printfPQExpBuffer(&conn->errorMessage,`
	`299`	`+libpq_gettext("Unknown SSL error code\n"));`
	`300`	`+break;`
`292`	`301`	`}`
`293`	`302`	`}`
`294`	`303`	`else`
`@@ -313,19 +322,24 @@ pqsecure_write(PGconn conn, const void ptr, size_t len)`
`313`	`322`	`#ifdefUSE_SSL`
`314`	`323`	`if (conn->ssl)`
`315`	`324`	`{`
	`325`	`+wloop:`
`316`	`326`	`n=SSL_write(conn->ssl,ptr,len);`
`317`	`327`	`switch (SSL_get_error(conn->ssl,n))`
`318`	`328`	`{`
`319`	`329`	`caseSSL_ERROR_NONE:`
`320`	`330`	`break;`
	`331`	`+caseSSL_ERROR_WANT_READ:`
`321`	`332`	`caseSSL_ERROR_WANT_WRITE:`
`322`		`-n=pqsecure_write(conn,ptr,len);`
`323`		`-break;`
	`333`	`+/* XXX to support nonblock I/O, we should return 0 here */`
	`334`	`+gotowloop;`
`324`	`335`	`caseSSL_ERROR_SYSCALL:`
`325`	`336`	`if (n==-1)`
`326`	`337`	`printfPQExpBuffer(&conn->errorMessage,`
`327`	`338`	`libpq_gettext("SSL SYSCALL error: %s\n"),`
`328`	`339`	`SOCK_STRERROR(SOCK_ERRNO));`
	`340`	`+else`
	`341`	`+printfPQExpBuffer(&conn->errorMessage,`
	`342`	`+libpq_gettext("SSL SYSCALL error: EOF detected\n"));`
`329`	`343`	`break;`
`330`	`344`	`caseSSL_ERROR_SSL:`
`331`	`345`	`printfPQExpBuffer(&conn->errorMessage,`
`@@ -336,6 +350,10 @@ pqsecure_write(PGconn conn, const void ptr, size_t len)`
`336`	`350`	`SOCK_ERRNO=ECONNRESET;`
`337`	`351`	`n=-1;`
`338`	`352`	`break;`
	`353`	`+default:`
	`354`	`+printfPQExpBuffer(&conn->errorMessage,`
	`355`	`+libpq_gettext("Unknown SSL error code\n"));`
	`356`	`+break;`
`339`	`357`	`}`
`340`	`358`	`}`
`341`	`359`	`else`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit5674460

File tree

2 files changed

2 files changed

`‎src/backend/libpq/be-secure.c‎`

`‎src/interfaces/libpq/fe-secure.c‎`

0 commit comments