Februar 2009 - ngIRCd GIT Updates

Florian Westphal : TLS/SSL: remove useless error message when ssl connection is closed
by fw＠arthur.barton.de 05 Feb '09

05 Feb '09

Module: ngircd.git Branch: master Commit: b8c6dd503fe4e7814f4b9327a8cd43007a4ec150 URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=b8c6dd50… Author: Florian Westphal <fw(a)strlen.de> Date: Thu Feb 5 23:42:56 2009 +0100 TLS/SSL: remove useless error message when ssl connection is closed When using OpenSSL, the following annoying "error" message was logged whenever an encrypted connection was shut down in a orderly fashion: TLS/SSL Connection shutdown: ConnSSL_Read: Unable to determine error of course, this isn't an error at all. --- src/ngircd/conn-ssl.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/ngircd/conn-ssl.c b/src/ngircd/conn-ssl.c index 1b4da3c..4ef8f66 100644 --- a/src/ngircd/conn-ssl.c +++ b/src/ngircd/conn-ssl.c @@ -484,8 +484,8 @@ ConnSSL_HandleError( CONNECTION *c, const int code, const char *fname ) Conn_OPTION_ADD(c, CONN_SSL_WANT_WRITE); /* fall through */ case SSL_ERROR_NONE: return 0; /* try again later */ - case SSL_ERROR_ZERO_RETURN: /* TLS/SSL Connection was shut down */ - LogOpenSSLError("TLS/SSL Connection shutdown", fname); + case SSL_ERROR_ZERO_RETURN: + LogDebug("TLS/SSL connection shut down normally"); break; /* SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT, SSL_ERROR_WANT_X509_LOOKUP

1 0

Florian Westphal : update ChangeLog.
by fw＠arthur.barton.de 04 Feb '09

04 Feb '09

Module: ngircd.git Branch: master Commit: 66d6c3c84b092c422b094bddeff3e04fd2488cfc URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=66d6c3c8… Author: Florian Westphal <fw(a)strlen.de> Date: Wed Feb 4 23:33:46 2009 +0100 update ChangeLog. --- ChangeLog | 5 +++++ 1 files changed, 5 insertions(+), 0 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6e1fcc7..2cc268a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,7 +9,12 @@ -- ChangeLog -- +ngIRCd-dev + - Fix memory leak when a encrypted and compressed server link goes down. + (Bug #95, reported by Christoph, fiesh(a)fiesh.homeip.net) + - Fix handling of channels containing dots (Bug #93, reported by + gonosz csiga) ngIRCd Release 13 (2008-12-25) - Updated documentation, especially doc/Services.txt and doc/SSL.txt.

1 0

Florian Westphal : SSL/TLS: clear all ssl realted flags on shutdown
by fw＠arthur.barton.de 04 Feb '09

04 Feb '09

Module: ngircd.git Branch: master Commit: 2fce4667a86e42589db8dd84a51c472aa18ac80e URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=2fce4667… Author: Florian Westphal <fw(a)strlen.de> Date: Wed Feb 4 23:23:12 2009 +0100 SSL/TLS: clear all ssl realted flags on shutdown one ssl related flags was not cleared on ssl shutdown. introduce and use CONN_SSL_FLAGS_ALL to zap them all. --- src/ngircd/conn-ssl.c | 3 ++- src/ngircd/conn.h | 1 + 2 files changed, 3 insertions(+), 1 deletions(-) diff --git a/src/ngircd/conn-ssl.c b/src/ngircd/conn-ssl.c index dc165d7..1b4da3c 100644 --- a/src/ngircd/conn-ssl.c +++ b/src/ngircd/conn-ssl.c @@ -228,7 +228,8 @@ void ConnSSL_Free(CONNECTION *c) } #endif assert(Conn_OPTION_ISSET(c, CONN_SSL)); - Conn_OPTION_DEL(c, (CONN_SSL_CONNECT|CONN_SSL|CONN_SSL_WANT_WRITE)); + /* can't just set bitmask to 0 -- there are other, non-ssl related flags, e.g. CONN_ZIP. */ + Conn_OPTION_DEL(c, CONN_SSL_FLAGS_ALL); } diff --git a/src/ngircd/conn.h b/src/ngircd/conn.h index bd332b6..450d3d1 100644 --- a/src/ngircd/conn.h +++ b/src/ngircd/conn.h @@ -39,6 +39,7 @@ #define CONN_SSL 32 /* this connection is SSL encrypted */ #define CONN_SSL_WANT_WRITE 64 /* SSL/TLS library needs to write protocol data */ #define CONN_SSL_WANT_READ 128 /* SSL/TLS library needs to read protocol data */ +#define CONN_SSL_FLAGS_ALL (CONN_SSL_CONNECT|CONN_SSL|CONN_SSL_WANT_WRITE|CONN_SSL_WANT_READ) #endif typedef int CONN_ID;

1 0

Florian Westphal : TLS/SSL: fix memory leak when using compressed server links with ssl
by fw＠arthur.barton.de 04 Feb '09

04 Feb '09

Module: ngircd.git Branch: master Commit: c6a43fbaf0579741ebf34e88ca7f0586b471062e URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=c6a43fba… Author: Florian Westphal <fw(a)strlen.de> Date: Wed Feb 4 23:01:53 2009 +0100 TLS/SSL: fix memory leak when using compressed server links with ssl commit 6bc2d3d06e9cb4da68ea4b63d9b6b219d88ab927 (New connection option CONN_RFC1459) forgot to adjust the ssl bitmasks. The result is that when a compressed AND encrypted server link goes down the memory allocated by zlib and the r/w buffers are no longer free'd as the previous ConnSSL_Free() would then also remove the CONN_ZIP flag from the flag mask. --- src/ngircd/conn.h | 16 +++++++++++----- 1 files changed, 11 insertions(+), 5 deletions(-) diff --git a/src/ngircd/conn.h b/src/ngircd/conn.h index 08f6dde..bd332b6 100644 --- a/src/ngircd/conn.h +++ b/src/ngircd/conn.h @@ -18,7 +18,13 @@ #include <time.h> /* for time_t, see below */ - +/* + * connection state flags. this is a bitmask -- all values must + * be unique and a power of two. + * + * If you introduce new ones in between, make sure to adjust all + * remaining ones. + */ #define CONN_ISCLOSING 1 /* Conn_Close() already called */ #define CONN_ISCONNECTING 2 /* connect() in progress */ #define CONN_RFC1459 4 /* RFC 1459 compatibility mode */ @@ -29,10 +35,10 @@ #include "conf-ssl.h" #ifdef SSL_SUPPORT -#define CONN_SSL_CONNECT 8 /* wait for ssl connect to finish */ -#define CONN_SSL 16 /* this connection is SSL encrypted */ -#define CONN_SSL_WANT_WRITE 32 /* SSL/TLS library needs to write protocol data */ -#define CONN_SSL_WANT_READ 64 /* SSL/TLS library needs to read protocol data */ +#define CONN_SSL_CONNECT 16 /* wait for ssl connect to finish */ +#define CONN_SSL 32 /* this connection is SSL encrypted */ +#define CONN_SSL_WANT_WRITE 64 /* SSL/TLS library needs to write protocol data */ +#define CONN_SSL_WANT_READ 128 /* SSL/TLS library needs to read protocol data */ #endif typedef int CONN_ID;

1 0