Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
dtls: Don't send packets to a dead socket during rekeying
vpninfo->{dtls_fd,dtls_ssl} are typically invalid when dtls_restart() returns, as the new handshake has not completed at that point. Under some circumstances, FD_CLR() may be called on a negative fd, resulting in a crash: (gdb) bt #0 0x00007f749201df77 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56 #1 0x00007f74920215e8 in __GI_abort () at abort.c:90 #2 0x00007f749205b4fb in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x7f749216cf10 "*** %s ***: %s terminated\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:199 #3 0x00007f74920f908c in __GI___fortify_fail (msg=<optimized out>, msg@entry=0x7f749216cea7 "buffer overflow detected") at fortify_fail.c:37 #4 0x00007f74920f8020 in __GI___chk_fail () at chk_fail.c:28 #5 0x00007f74920f8fd7 in __fdelt_chk (d=<optimized out>) at fdelt_chk.c:25 #6 0x00007f749388b86c in ?? () #7 0x00007f749388e271 in ?? () #8 0x00007f74938883a2 in ?? () #9 0x00007f7492008de5 in __libc_start_main (main=0x7f7493887010, argc=5, ubp_av=0x7fff01f1fe98, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fff01f1fe88) at libc-start.c:260 #10 0x00007f74938885e3 in ?? () So we should return back to the mainloop instead of trying to send out queued packets over DTLS. Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
- Loading branch information