- Fixed bug where ircd didn't timeout SSL connections that haven't

  finished the SSL handshake. Reported by Adam.


git-svn-id: svn://svn.ircd-hybrid.org/svnroot/ircd-hybrid/branches/8.1.x@2724 82007160-df01-0410-b94d-b575c5fd34c7

6 files changed, 28 insertions, 2 deletions

diff --git a/src/s_bsd.c b/src/s_bsd.c
index 89ba44d..5750b39 100644
--- a/src/s_bsd.c
+++ b/src/s_bsd.c
@@ -239,16 +239,22 @@ ssl_handshake(int fd, struct Client *client_p)
 
   if ((ret = SSL_accept(client_p->localClient->fd.ssl)) <= 0)
   {
+    if ((CurrentTime - client_p->localClient->firsttime) > 30)
+    {
+      exit_client(client_p, client_p, "Timeout during SSL handshake");
+      return;
+    }
+
     switch (SSL_get_error(client_p->localClient->fd.ssl, ret))
     {
       case SSL_ERROR_WANT_WRITE:
         comm_setselect(&client_p->localClient->fd, COMM_SELECT_WRITE,
-	               (PF *) ssl_handshake, client_p, 0);
+	               (PF *) ssl_handshake, client_p, 30);
         return;
 
       case SSL_ERROR_WANT_READ:
         comm_setselect(&client_p->localClient->fd, COMM_SELECT_READ,
-	               (PF *) ssl_handshake, client_p, 0);
+	               (PF *) ssl_handshake, client_p, 30);
         return;
 
       default:
diff --git a/src/s_bsd_devpoll.c b/src/s_bsd_devpoll.c
index 4bc5aaa..866b9b3 100644
--- a/src/s_bsd_devpoll.c
+++ b/src/s_bsd_devpoll.c
@@ -114,7 +114,11 @@ comm_setselect(fde_t *F, unsigned int type, PF *handler,
     (F->write_handler ? POLLOUT : 0);
 
   if (timeout != 0)
+  {
     F->timeout = CurrentTime + (timeout / 1000);
+    F->timeout_handler = handler;
+    F->timeout_data = client_data;
+  }
 
   if (new_events != F->evcache)
   {
diff --git a/src/s_bsd_epoll.c b/src/s_bsd_epoll.c
index 088a3ff..09c0f69 100644
--- a/src/s_bsd_epoll.c
+++ b/src/s_bsd_epoll.c
@@ -141,7 +141,11 @@ comm_setselect(fde_t *F, unsigned int type, PF *handler,
     (F->write_handler ? EPOLLOUT : 0);
 
   if (timeout != 0)
+  {
     F->timeout = CurrentTime + (timeout / 1000);
+    F->timeout_handler = handler;
+    F->timeout_data = client_data;
+  }
 
   if (new_events != F->evcache)
   {
diff --git a/src/s_bsd_kqueue.c b/src/s_bsd_kqueue.c
index cb38e50..5d8dbed 100644
--- a/src/s_bsd_kqueue.c
+++ b/src/s_bsd_kqueue.c
@@ -120,7 +120,11 @@ comm_setselect(fde_t *F, unsigned int type, PF *handler,
                (F->write_handler ? COMM_SELECT_WRITE : 0);
 
   if (timeout != 0)
+  {
     F->timeout = CurrentTime + (timeout / 1000);
+    F->timeout_handler = handler;
+    F->timeout_data = client_data;
+  }
 
   diff = new_events ^ F->evcache;
 
diff --git a/src/s_bsd_poll.c b/src/s_bsd_poll.c
index fbbc5c0..f33af38 100644
--- a/src/s_bsd_poll.c
+++ b/src/s_bsd_poll.c
@@ -112,7 +112,11 @@ comm_setselect(fde_t *F, unsigned int type, PF *handler,
                (F->write_handler ? POLLWRNORM : 0);
 
   if (timeout != 0)
+  {
     F->timeout = CurrentTime + (timeout / 1000);
+    F->timeout_handler = handler;
+    F->timeout_data = client_data;
+  }
 
   if (new_events != F->evcache)
   {
diff --git a/src/s_bsd_select.c b/src/s_bsd_select.c
index 464cdfe..7aa4e30 100644
--- a/src/s_bsd_select.c
+++ b/src/s_bsd_select.c
@@ -84,7 +84,11 @@ comm_setselect(fde_t *F, unsigned int type, PF *handler,
                (F->write_handler ? COMM_SELECT_WRITE : 0);
 
   if (timeout != 0)
+  {
     F->timeout = CurrentTime + (timeout / 1000);
+    F->timeout_handler = handler;
+    F->timeout_data = client_data;
+  }
 
   if (new_events != F->evcache)
   {