dovecot-2.2: login: Try to avoid busy-looping on SSL_accept() wh...

[dovecot at dovecot.org]

details:   http://hg.dovecot.org/dovecot-2.2/rev/e95479f439aa
changeset: 15513:e95479f439aa
user:      Timo Sirainen <tss at iki.fi>
date:      Fri Nov 23 08:52:06 2012 +0200
description:
login: Try to avoid busy-looping on SSL_accept() when client doesn't behave nicely.

diffstat:

 src/login-common/ssl-proxy-openssl.c |  17 +++++++++++------
 1 files changed, 11 insertions(+), 6 deletions(-)

diffs (63 lines):

diff -r c722bd39098b -r e95479f439aa src/login-common/ssl-proxy-openssl.c
--- a/src/login-common/ssl-proxy-openssl.c	Fri Nov 23 08:32:13 2012 +0200
+++ b/src/login-common/ssl-proxy-openssl.c	Fri Nov 23 08:52:06 2012 +0200
@@ -394,8 +394,9 @@
 	return ssl_err2str(err, data, flags);
 }
 
-static void ssl_handle_error(struct ssl_proxy *proxy, int ret,
-			     const char *func_name)
+static void
+ssl_handle_error(struct ssl_proxy *proxy, int ret, bool remove_wrong_direction,
+		 const char *func_name)
 {
 	const char *errstr = NULL;
 	int err;
@@ -408,9 +409,13 @@
 	switch (err) {
 	case SSL_ERROR_WANT_READ:
 		ssl_set_io(proxy, SSL_ADD_INPUT);
+		if (remove_wrong_direction)
+			ssl_set_io(proxy, SSL_REMOVE_OUTPUT);
 		break;
 	case SSL_ERROR_WANT_WRITE:
 		ssl_set_io(proxy, SSL_ADD_OUTPUT);
+		if (remove_wrong_direction)
+			ssl_set_io(proxy, SSL_REMOVE_INPUT);
 		break;
 	case SSL_ERROR_SYSCALL:
 		/* eat up the error queue */
@@ -458,13 +463,13 @@
 	if (proxy->client_proxy) {
 		ret = SSL_connect(proxy->ssl);
 		if (ret != 1) {
-			ssl_handle_error(proxy, ret, "SSL_connect()");
+			ssl_handle_error(proxy, ret, TRUE, "SSL_connect()");
 			return;
 		}
 	} else {
 		ret = SSL_accept(proxy->ssl);
 		if (ret != 1) {
-			ssl_handle_error(proxy, ret, "SSL_accept()");
+			ssl_handle_error(proxy, ret, TRUE, "SSL_accept()");
 			return;
 		}
 	}
@@ -491,7 +496,7 @@
 			       sizeof(proxy->plainout_buf) -
 			       proxy->plainout_size);
 		if (ret <= 0) {
-			ssl_handle_error(proxy, ret, "SSL_read()");
+			ssl_handle_error(proxy, ret, FALSE, "SSL_read()");
 			break;
 		} else {
 			i_free_and_null(proxy->last_error);
@@ -507,7 +512,7 @@
 
 	ret = SSL_write(proxy->ssl, proxy->sslout_buf, proxy->sslout_size);
 	if (ret <= 0)
-		ssl_handle_error(proxy, ret, "SSL_write()");
+		ssl_handle_error(proxy, ret, FALSE, "SSL_write()");
 	else {
 		i_free_and_null(proxy->last_error);
 		proxy->sslout_size -= ret;