2007-03-09
2007-03-09 21:30:39 by Martin Stjernholm <mast@lysator.liu.se>
-
347d85a94e8a9d4bedf4151fb5b7caa991263f2b
(30 lines)
(+24/-6)
[
Show
| Annotate
]
Branch: 5.2
Avoid leaking fd's when clients open ssl connections and close them
immediately again.
Rev: server/protocols/http.pike:1.518
Rev: server/protocols/prot_https.pike:2.15
2:
// Modified by Francesco Chemolli to add throttling capabilities.
// Copyright © 1996 - 2004, Roxen IS.
- constant cvs_version = "$Id: http.pike,v 1.517 2007/02/27 09:08:18 noring Exp $";
+ constant cvs_version = "$Id: http.pike,v 1.518 2007/03/09 21:30:38 mast Exp $";
// #define REQUEST_DEBUG
#define MAGIC_ERROR
996: Inside #if defined(DEBUG)
if (mixed err = catch (my_fd->close())) {
#ifdef DEBUG
report_debug ("Failed to close http(s) connection: " +
- describe_error (err));
+ describe_backtrace (err));
#endif
}
my_fd = 0;
1069:
data_buffer = 0;
pipe = 0;
- // Avoid that the fd is closed by disconnect() - the write direction
- // might still want to use it. We rely on refcount garbing instead.
+ // Zero my_fd to avoid that the fd is closed by disconnect() - the
+ // write direction might still want to use it. We rely on refcount
+ // garbing instead, which means we must be careful about
+ // deinstalling callbacks (they might not point to this object in
+ // all cases).
//
- // FIXME: sslfile's might not close nicely if they're refcount
- // garbed.
+ // http_fallback.ssl_alert_callback also counts on that my_fd
+ // doesn't get closed since it calls this close callback and then
+ // passes the connection on to fallback_redirect_request.
+ my_fd->set_read_callback (0);
+ my_fd->set_close_callback (0);
+ if (my_fd->set_alert_callback) {
+ // Ugly hack in case of an ssl connection: Zero the alert and
+ // accept callbacks too. They are set by the http_fallback in
+ // prot_https.pike. It normally ensures that they get zeroed too
+ // after a successful connect or http redirect, but if the client
+ // drops the connection very early, before either path has been
+ // taken, we get here directly. (http_fallback can't wrap close_cb
+ // since it's installed afterwards.)
+ my_fd->set_alert_callback (0);
+ my_fd->set_accept_callback (0);
+ }
my_fd = 0;
disconnect();