Commit d320ef11 authored by Grigorii Demidov's avatar Grigorii Demidov Committed by Petr Špaček

daemon/tls: tls_push() can fall into endless loop in some circumstances; prevent it

parent 7fbb5af1
......@@ -231,6 +231,7 @@ int tls_push(struct qr_task *task, uv_handle_t *handle, knot_pkt_t *pkt)
}
ssize_t submitted = 0;
ssize_t retries = 0;
do {
count = gnutls_record_uncork(tls_p->session, 0);
if (count < 0) {
......@@ -239,7 +240,13 @@ int tls_push(struct qr_task *task, uv_handle_t *handle, knot_pkt_t *pkt)
gnutls_strerror_name(count), count);
return kr_error(EIO);
}
if (++retries > TLS_MAX_UNCORK_RETRIES) {
kr_log_error("[tls] gnutls_record_uncork: too many sequential non-fatal errors (%zd), last error is: %s (%zd)\n",
retries, gnutls_strerror_name(count), count);
return kr_error(EIO);
}
} else {
retries = 0;
submitted += count;
if (count == 0 && submitted != sizeof(pkt_size) + pkt->size) {
kr_log_error("[tls] gnutls_record_uncork didn't send all data: %s (%zd)\n",
......
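Review bot: The new cap in the `count < 0` branch counts loop iterations rather than time, so on a non-fatal result such as `GNUTLS_E_AGAIN` the loop still spins without returning to the event loop, and it will probably use up all `TLS_MAX_UNCORK_RETRIES` attempts almost at once when the peer is merely slow to read. That bounds the hang a stalled peer could cause, but it turns ordinary backpressure into `kr_error(EIO)`; consider retrying only `GNUTLS_E_INTERRUPTED` in place and deferring other non-fatal codes until the handle is writable again. Because `retries` is reset on every successful call, `submitted` can already be non-zero when the limit is hit, so the message may be left partially sent; a comment such as `/* on EIO part of the message may already be on the wire; the caller must close the session */` would make that contract explicit. tls_push() starts and ends outside the hunk, so whether its callers already tear the connection down on this error is not visible here.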
......@@ -24,6 +24,7 @@
#include "lib/generic/map.h"
#define MAX_TLS_PADDING KR_EDNS_PAYLOAD
#define TLS_MAX_UNCORK_RETRIES 100
struct tls_ctx_t;
struct tls_client_ctx_t;
......
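Review bot: `TLS_MAX_UNCORK_RETRIES` is added without a comment, and the name alone does not say that the limit applies to consecutive non-fatal failures and is reset after each successful uncork, which is how the tls.c hunk uses it. I would document it where it is defined, for example `/* Max consecutive non-fatal gnutls_record_uncork() errors tolerated by tls_push() before it fails with EIO. */`. The value 100 looks arbitrary from the visible lines, so a word on why it was chosen would help whoever tunes it later.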