pidgin: 51dddff9: gnutls/nss: Don't call the handshake fun..

Thu Apr 1 02:42:11 EDT 2010

-----------------------------------------------------------------
Revision: 51dddff91046a6665ccc0939eceb4a56dc296e4b
Ancestor: a34d772bed82470e96f079c351c4f3f34695bcd4
Author: darkrain42 at pidgin.im
Date: 2010-04-01T05:26:44
Branch: im.pidgin.pidgin
URL: http://d.pidgin.im/viewmtn/revision/info/51dddff91046a6665ccc0939eceb4a56dc296e4b

Modified files:
        ChangeLog libpurple/plugins/ssl/ssl-gnutls.c
        libpurple/plugins/ssl/ssl-nss.c

ChangeLog: 

gnutls/nss: Don't call the handshake functions synchronously.  Fixes #11525

If the handshake callbacks are called sychronously and they fail
(e.g. passing GnuTLS a bad priority string or doing voodoo with NSS, see
#11524 for details), the error_cb is called and the gsc destroyed, but this
happens /before/ the assignment to, e.g., js->gsc happens (see
jabber.c:tls_init).  Thus, js->gsc is assigned a (now invalid) pointer
and jabber_close tries to free it (again).


-------------- next part --------------
============================================================

--- ChangeLog	cad3c9fd05f6e9006e293aee25361e3d2964aa45
+++ ChangeLog	48d29e6ceb3c92f0c66dc2de0452106a5ac52536
@@ -6,6 +6,9 @@ version 2.7.0 (??/??/????):
 	* Changed GLib minimum version requirement to 2.12.0.
 	* Using the --disable-nls argument to configre now works properly. You
 	  will no longer be forced to have intltool to configure and build.
+	* Fix two related crashes in the GnuTLS and NSS plugins when they
+	  suffer internal errors immediately upon attempting to establish
+	  an SSL connection.
 	* Added support for PURPLE_GNUTLS_PRIORITIES environment variable.
 	  This can be used to specify GnuTLS priorities on a per-host basis.
 	  The format is "host=priority;host2=priority;...".  The default
============================================================
--- libpurple/plugins/ssl/ssl-gnutls.c	7a0c8b54c6bd1e12c9ebddbd9c24fae3758e365e
+++ libpurple/plugins/ssl/ssl-gnutls.c	2f98ac68d428449b43bc257c77a9fa96b1f1cf3b
@@ -36,6 +36,7 @@ typedef struct
 {
 	gnutls_session session;
 	guint handshake_handler;
+	guint handshake_timer;
 } PurpleSslGnutlsData;
 
 #define PURPLE_SSL_GNUTLS_DATA(gsc) ((PurpleSslGnutlsData *)gsc->private_data)
@@ -367,7 +368,20 @@ static void ssl_gnutls_handshake_cb(gpoi
 
 }
 
+static gboolean
+start_handshake_cb(gpointer data)
+{
+	PurpleSslConnection *gsc = data;
+	PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc);
 
+	purple_debug_info("gnutls", "Starting handshake with %s\n", gsc->host);
+
+	gnutls_data->handshake_timer = 0;
+
+	ssl_gnutls_handshake_cb(gsc, gsc->fd, PURPLE_INPUT_READ);
+	return FALSE;
+}
+
 static void
 ssl_gnutls_connect(PurpleSslConnection *gsc)
 {
@@ -410,10 +424,8 @@ ssl_gnutls_connect(PurpleSslConnection *
 	gnutls_data->handshake_handler = purple_input_add(gsc->fd,
 		PURPLE_INPUT_READ, ssl_gnutls_handshake_cb, gsc);
 
-	purple_debug_info("gnutls", "Starting handshake with %s\n", gsc->host);
-
 	/* Orborde asks: Why are we configuring a callback, then
-	   immediately calling it?
+	   (almost) immediately calling it?
 
 	   Answer: gnutls_handshake (up in handshake_cb) needs to be called
 	   once in order to get the ball rolling on the SSL connection.
@@ -424,7 +436,8 @@ ssl_gnutls_connect(PurpleSslConnection *
 	   and subsequent calls, we'll just fire the callback immediately to
 	   accomplish this.
 	*/
-	ssl_gnutls_handshake_cb(gsc, gsc->fd, PURPLE_INPUT_READ);
+	gnutls_data->handshake_timer = purple_timeout_add(0, start_handshake_cb,
+	                                                  gsc);
 }
 
 static void
@@ -437,6 +450,8 @@ ssl_gnutls_close(PurpleSslConnection *gs
 
 	if(gnutls_data->handshake_handler)
 		purple_input_remove(gnutls_data->handshake_handler);
+	if (gnutls_data->handshake_timer)
+		purple_timeout_remove(gnutls_data->handshake_timer);
 
 	gnutls_bye(gnutls_data->session, GNUTLS_SHUT_RDWR);
 
============================================================
--- libpurple/plugins/ssl/ssl-nss.c	39de6b0dda68930e4b5b0f7b01f03933cf1c49ad
+++ libpurple/plugins/ssl/ssl-nss.c	b2dc975721e0f4c239a4a2f3637420c8507079e3
@@ -51,7 +51,7 @@ typedef struct
 	PRFileDesc *fd;
 	PRFileDesc *in;
 	guint handshake_handler;
-
+	guint handshake_timer;
 } PurpleSslNssData;
 
 #define PURPLE_SSL_NSS_DATA(gsc) ((PurpleSslNssData *)gsc->private_data)
@@ -368,6 +368,18 @@ ssl_nss_handshake_cb(gpointer data, int 
 	}
 }
 
+static gboolean
+start_handshake_cb(gpointer data)
+{
+	PurpleSslConnection *gsc = data;
+	PurpleSslNssData *nss_data = PURPLE_SSL_NSS_DATA(gsc);
+
+	nss_data->handshake_timer = 0;
+
+	ssl_nss_handshake_cb(gsc, gsc->fd, PURPLE_INPUT_READ);
+	return FALSE;
+}
+
 static void
 ssl_nss_connect(PurpleSslConnection *gsc)
 {
@@ -438,7 +450,7 @@ ssl_nss_connect(PurpleSslConnection *gsc
 	nss_data->handshake_handler = purple_input_add(gsc->fd,
 		PURPLE_INPUT_READ, ssl_nss_handshake_cb, gsc);
 
-	ssl_nss_handshake_cb(gsc, gsc->fd, PURPLE_INPUT_READ);
+	nss_data->handshake_timer = purple_timeout_add(0, start_handshake_cb, gsc);
 }
 
 static void
@@ -460,6 +472,9 @@ ssl_nss_close(PurpleSslConnection *gsc)
 	if (nss_data->handshake_handler)
 		purple_input_remove(nss_data->handshake_handler);
 
+	if (nss_data->handshake_timer)
+		purple_timeout_remove(nss_data->handshake_timer);
+
 	g_free(nss_data);
 	gsc->private_data = NULL;
 }
