Commit 8c9e75af authored by Guillaume Roguez's avatar Guillaume Roguez

tls: prevent recursive call to flushRxQueue()

TlsSession::flushRxQueue() let TlsSession::handleDataPacket() to be called
causing a recursive call to TlsSession::flushRxQueue(), finally resulting
into application crash.

Solve that by testing if we're in flush opeation and just no-op in such case.

Change-Id: Ie4d52a9df495784e36e3691404f44cd8f66dbb6d
parent bfe9ff59
......@@ -941,10 +941,25 @@ TlsSession::handleDataPacket(std::vector<uint8_t>&& buf, uint64_t pkt_seq)
void
TlsSession::flushRxQueue()
{
// RAII bool swap
class GuardedBoolSwap {
public:
explicit GuardedBoolSwap(bool& var) : var_ {var} { var_ = !var_; }
~GuardedBoolSwap() { var_ = !var_; }
private:
bool& var_;
};
std::unique_lock<std::mutex> lk {reorderBufMutex_};
if (reorderBuffer_.empty())
return;
// Prevent re-entrant access as the callbacks_.onRxData() is called in unprotected region
if (flushProcessing_)
return;
GuardedBoolSwap swap_flush_processing {flushProcessing_};
auto item = std::begin(reorderBuffer_);
auto next_offset = item->first;
auto first_offset = next_offset;
......
......@@ -219,6 +219,7 @@ private:
std::list<std::vector<uint8_t>> rxQueue_ {};
std::mutex reorderBufMutex_;
bool flushProcessing_ {false}; ///< protect against recursive call to flushRxQueue
std::vector<uint8_t> rawPktBuf_; ///< gnutls incoming packet buffer
uint64_t baseSeq_ {0}; ///< sequence number of first application data packet received
uint64_t lastRxSeq_ {0}; ///< last received and valid packet sequence number
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment