tls: crash fix: clear c->ssl on new

conn structures are reused without fully wiping the struct, so if the same conn object would go from ssl to non ssl it could crash.
dormando · Aug 24, 2024 · 461d873 · 461d873
1 parent dbe1819
commit 461d873
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 1 deletion.
diff --git a/memcached.c b/memcached.c
@@ -743,6 +743,7 @@ conn *conn_new(const int sfd, enum conn_states init_state,
     c->io_queues_submitted = 0;
 
     c->item = 0;
+    c->ssl = NULL;
 
     c->noreply = false;
 

diff --git a/memcached.h b/memcached.h
@@ -835,8 +835,8 @@ struct conn {
     bool rbuf_malloced; /** read buffer was malloc'ed for ascii mget, needs free() */
     bool item_malloced; /** item for conn_nread state is a temporary malloc */
     uint8_t ssl_enabled;
-#ifdef TLS
     void    *ssl;
+#ifdef TLS
     char   *ssl_wbuf;
 #endif
     enum conn_states  state;

diff --git a/thread.c b/thread.c
@@ -631,6 +631,7 @@ static void thread_libevent_process(evutil_socket_t fd, short which, void *arg)
                         }
                         if (item->ssl) {
                             ssl_conn_close(item->ssl);
+                            item->ssl = NULL;
                         }
                         close(item->sfd);
                     }