Commit 82fd1703 authored by unknown's avatar unknown
Browse files

Bug#25203 Mysql crashes when mysql_kill() is executed in a connection using SSL 

 - It's too early to free the SSL object in 'vio_ssl_close'. There
   might still be a thread using or reading from it on platforms
   where we need to close the active connection/socket in order
   to break the read.  
 - Add new function 'vio_ssl_delete' and install it as the viodelete
   function for SSL connections.


vio/vio.c:
  Install 'vio_ssl_delete' as viodelete function for SSL connections
  Cleanup 'vio_delete'
vio/vio_priv.h:
  Add declaration of vio_ssl_delete
vio/viossl.c:
  Add new function 'vio_ssl_delete' that takes care of freeing the memory
  allocated by the SSL connection
  Move the code to free the SSL object from vio_ssl_close
parent 7d4477f8

vio/vio.c

+9 −10
Original line number Diff line number Diff line
@@ -86,7 +86,7 @@ static void vio_init(Vio* vio, enum enum_vio_type type, 
#ifdef HAVE_OPENSSL 

  if (type == VIO_TYPE_SSL)

  {

    vio->viodelete	=vio_delete;

    vio->viodelete	=vio_ssl_delete;

    vio->vioerrno	=vio_errno;

    vio->read		=vio_ssl_read;

    vio->write		=vio_ssl_write;
@@ -220,18 +220,17 @@ Vio *vio_new_win32shared_memory(NET *net,HANDLE handle_file_map, HANDLE handle_m 
#endif

#endif





void vio_delete(Vio* vio)

{

  /* It must be safe to delete null pointers. */

  /* This matches the semantics of C++'s delete operator. */

  if (vio)

  {

  if (!vio)

    return; /* It must be safe to delete null pointers. */



  if (vio->type != VIO_CLOSED)

    vio->vioclose(vio);

  my_free((gptr) vio->read_buffer, MYF(MY_ALLOW_ZERO_PTR));

  my_free((gptr) vio,MYF(0));

}

}





/*

vio/vio_priv.h

+1 −0
Original line number Diff line number Diff line
@@ -32,6 +32,7 @@ int vio_ssl_write(Vio *vio,const gptr buf,int size); 


/* When the workday is over... */

int vio_ssl_close(Vio *vio);

void vio_ssl_delete(Vio *vio);



int vio_ssl_blocking(Vio *vio, my_bool set_blocking_mode, my_bool *old_mode);

vio/viossl.c

+18 −2
Original line number Diff line number Diff line
@@ -140,13 +140,29 @@ int vio_ssl_close(Vio *vio) 
                               SSL_get_error(ssl, r)));

      break;

    }

    SSL_free(ssl);

    vio->ssl_arg= 0;

  }

  DBUG_RETURN(vio_close(vio));

}





void vio_ssl_delete(Vio *vio)

{

  if (!vio)

    return; /* It must be safe to delete null pointer */



  if (vio->type == VIO_TYPE_SSL)

    vio_ssl_close(vio); /* Still open, close connection first */



  if (vio->ssl_arg)

  {

    SSL_free((SSL*) vio->ssl_arg);

    vio->ssl_arg= 0;

  }



  vio_delete(vio);

}





int sslaccept(struct st_VioSSLFd *ptr, Vio *vio, long timeout)

{

  SSL *ssl;