Commit 990c05c5 authored by unknown's avatar unknown

Bug#25203 Mysql crashes when mysql_kill() is executed in a connection using SSL

 - It's too early to free the SSL object in 'vio_ssl_close'. There
   might still be a thread using or reading from it on platforms
   where we need to close the active connection/socket in order
   to break the read.  
 - Add new function 'vio_ssl_delete' and install it as the viodelete
   function for SSL connections.


vio/vio.c:
  Install 'vio_ssl_delete' as viodelete function for SSL connections
  Cleanup 'vio_delete'
vio/vio_priv.h:
  Add declaration of vio_ssl_delete
vio/viossl.c:
  Add new function 'vio_ssl_delete' that takes care of freeing the memory
  allocated by the SSL connection
  Move the code to free the SSL object from vio_ssl_close
parent 62db2239
...@@ -86,7 +86,7 @@ static void vio_init(Vio* vio, enum enum_vio_type type, ...@@ -86,7 +86,7 @@ static void vio_init(Vio* vio, enum enum_vio_type type,
#ifdef HAVE_OPENSSL #ifdef HAVE_OPENSSL
if (type == VIO_TYPE_SSL) if (type == VIO_TYPE_SSL)
{ {
vio->viodelete =vio_delete; vio->viodelete =vio_ssl_delete;
vio->vioerrno =vio_errno; vio->vioerrno =vio_errno;
vio->read =vio_ssl_read; vio->read =vio_ssl_read;
vio->write =vio_ssl_write; vio->write =vio_ssl_write;
...@@ -220,17 +220,16 @@ Vio *vio_new_win32shared_memory(NET *net,HANDLE handle_file_map, HANDLE handle_m ...@@ -220,17 +220,16 @@ Vio *vio_new_win32shared_memory(NET *net,HANDLE handle_file_map, HANDLE handle_m
#endif #endif
#endif #endif
void vio_delete(Vio* vio) void vio_delete(Vio* vio)
{ {
/* It must be safe to delete null pointers. */ if (!vio)
/* This matches the semantics of C++'s delete operator. */ return; /* It must be safe to delete null pointers. */
if (vio)
{ if (vio->type != VIO_CLOSED)
if (vio->type != VIO_CLOSED) vio->vioclose(vio);
vio->vioclose(vio); my_free((gptr) vio->read_buffer, MYF(MY_ALLOW_ZERO_PTR));
my_free((gptr) vio->read_buffer, MYF(MY_ALLOW_ZERO_PTR)); my_free((gptr) vio,MYF(0));
my_free((gptr) vio,MYF(0));
}
} }
......
...@@ -32,6 +32,7 @@ int vio_ssl_write(Vio *vio,const gptr buf,int size); ...@@ -32,6 +32,7 @@ int vio_ssl_write(Vio *vio,const gptr buf,int size);
/* When the workday is over... */ /* When the workday is over... */
int vio_ssl_close(Vio *vio); int vio_ssl_close(Vio *vio);
void vio_ssl_delete(Vio *vio);
int vio_ssl_blocking(Vio *vio, my_bool set_blocking_mode, my_bool *old_mode); int vio_ssl_blocking(Vio *vio, my_bool set_blocking_mode, my_bool *old_mode);
......
...@@ -140,13 +140,29 @@ int vio_ssl_close(Vio *vio) ...@@ -140,13 +140,29 @@ int vio_ssl_close(Vio *vio)
SSL_get_error(ssl, r))); SSL_get_error(ssl, r)));
break; break;
} }
SSL_free(ssl);
vio->ssl_arg= 0;
} }
DBUG_RETURN(vio_close(vio)); DBUG_RETURN(vio_close(vio));
} }
void vio_ssl_delete(Vio *vio)
{
if (!vio)
return; /* It must be safe to delete null pointer */
if (vio->type == VIO_TYPE_SSL)
vio_ssl_close(vio); /* Still open, close connection first */
if (vio->ssl_arg)
{
SSL_free((SSL*) vio->ssl_arg);
vio->ssl_arg= 0;
}
vio_delete(vio);
}
int sslaccept(struct st_VioSSLFd *ptr, Vio *vio, long timeout) int sslaccept(struct st_VioSSLFd *ptr, Vio *vio, long timeout)
{ {
SSL *ssl; SSL *ssl;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment