[tor/master] Avoid double-close on TCP sockets under NSS. - tor-commits

5 Sep 2018

commit b5fddbd24144a94580e50886cd07a82968a1b86c
Author: Nick Mathewson nickm@torproject.org
Date:   Thu Aug 23 13:02:12 2018 -0400
Avoid double-close on TCP sockets under NSS.
---
 src/core/mainloop/connection.c | 25 +++++++++++++++++--------
 src/lib/tls/tortls_openssl.c   |  2 +-
 2 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/src/core/mainloop/connection.c b/src/core/mainloop/connection.c
index ed789d520..91ae41074 100644
--- a/src/core/mainloop/connection.c
+++ b/src/core/mainloop/connection.c
@@ -449,6 +449,20 @@ connection_new(int type, int socket_family)
   }
 }
+static void
+connection_close_and_invalidate_socket(connection_t *conn)
+{
+  if (connection_speaks_cells(conn)) {
+    or_connection_t *or_conn = TO_OR_CONN(conn);
+    tor_tls_free(or_conn->tls);
+    or_conn->tls = NULL;
+    or_conn->base_.s = TOR_INVALID_SOCKET;
+  } else {
+    tor_close_socket(conn->s);
+    conn->s = TOR_INVALID_SOCKET;
+  }
+}
+
 /** Initializes conn. (you must call connection_add() to link it into the main
  * array).
  *
@@ -614,9 +628,8 @@ connection_free_minimal(connection_t *conn)
   tor_free(conn->address);
if (connection_speaks_cells(conn)) {
+    connection_close_and_invalidate_socket(conn);
     or_connection_t *or_conn = TO_OR_CONN(conn);
-    tor_tls_free(or_conn->tls);
-    or_conn->tls = NULL;
     or_handshake_state_free(or_conn->handshake_state);
     or_conn->handshake_state = NULL;
     tor_free(or_conn->nickname);
@@ -692,9 +705,7 @@ connection_free_minimal(connection_t *conn)
   }
if (SOCKET_OK(conn->s)) {
-    log_debug(LD_NET,"closing fd %d.",(int)conn->s);
-    tor_close_socket(conn->s);
-    conn->s = TOR_INVALID_SOCKET;
+    connection_close_and_invalidate_socket(conn);
   }
if (conn->type == CONN_TYPE_OR &&
@@ -820,9 +831,7 @@ connection_close_immediate(connection_t *conn)
   conn->read_blocked_on_bw = 0;
   conn->write_blocked_on_bw = 0;
-  if (SOCKET_OK(conn->s))
-    tor_close_socket(conn->s);
-  conn->s = TOR_INVALID_SOCKET;
+  connection_close_and_invalidate_socket(conn);
   if (conn->linked)
     conn->linked_conn_is_closed = 1;
   if (conn->outbuf)
diff --git a/src/lib/tls/tortls_openssl.c b/src/lib/tls/tortls_openssl.c
index a9bab67a0..e455693df 100644
--- a/src/lib/tls/tortls_openssl.c
+++ b/src/lib/tls/tortls_openssl.c
@@ -1039,7 +1039,7 @@ tor_tls_new(int sock, int isServer)
     goto err;
   }
   result->socket = sock;
-  bio = BIO_new_socket(sock, BIO_NOCLOSE);
+  bio = BIO_new_socket(sock, 0);
   if (! bio) {
     tls_log_errors(NULL, LOG_WARN, LD_NET, "opening BIO");
 #ifdef SSL_set_tlsext_host_name

    