From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pbs-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
	by lore.proxmox.com (Postfix) with ESMTPS id 896AF1FF15C
	for <inbox@lore.proxmox.com>; Wed, 13 Nov 2024 11:39:38 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 4F70712DA4;
	Wed, 13 Nov 2024 11:39:39 +0100 (CET)
From: Dominik Csapak <d.csapak@proxmox.com>
To: pbs-devel@lists.proxmox.com
Date: Wed, 13 Nov 2024 11:39:37 +0100
Message-Id: <20241113103937.1554474-1-d.csapak@proxmox.com>
X-Mailer: git-send-email 2.39.5
MIME-Version: 1.0
Subject: [pbs-devel] [PATCH proxmox v2] fix #5868: rest-server: connection:
 fix busy waiting on closed connections pre tls
X-BeenThere: pbs-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox Backup Server development discussion
 <pbs-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pbs-devel>, 
 <mailto:pbs-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pbs-devel/>
List-Post: <mailto:pbs-devel@lists.proxmox.com>
List-Help: <mailto:pbs-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel>, 
 <mailto:pbs-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox Backup Server development discussion
 <pbs-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pbs-devel-bounces@lists.proxmox.com
Sender: "pbs-devel" <pbs-devel-bounces@lists.proxmox.com>

When a connection is closed before we have enough data to determine
if it's TLS or not, the socket stays in a readable state.

Sadly, the tokio timeout we use here gets starved by the async_io
callback.

To fix this, save the amount of bytes peek returned and if they did not
change between invocations of the callback, we assume that the
connection was closed and exit with an error.

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
---
changes from v1:
* removed leftover unrelated test code
* fixed up the commit message with the bug #

 proxmox-rest-server/src/connection.rs | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/proxmox-rest-server/src/connection.rs b/proxmox-rest-server/src/connection.rs
index 3815a8f4..11f29ce4 100644
--- a/proxmox-rest-server/src/connection.rs
+++ b/proxmox-rest-server/src/connection.rs
@@ -477,6 +477,7 @@ impl AcceptBuilder {
         const HANDSHAKE_BYTES_LEN: usize = 5;
 
         let future = async {
+            let mut old_peek_len = 0;
             incoming_stream
                 .async_io(tokio::io::Interest::READABLE, || {
                     let mut buf = [0; HANDSHAKE_BYTES_LEN];
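Review bot: `old_peek_len` starts at 0 in the added `let mut old_peek_len = 0;`, so a first peek that returns 0 bytes already equals the stored value and takes the new UnexpectedEof branch on the very first invocation. If that is intended (nothing received while the socket reports readable, so treat it as closed), a short comment on this line would say so; otherwise an `Option<usize>` initialised to `None` would make "no previous peek yet" explicit and separate it from "peeked 0 bytes twice".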
@@ -500,7 +501,14 @@ impl AcceptBuilder {
                         // This means we will peek into the stream's queue until we got
                         // HANDSHAKE_BYTE_LEN bytes or an error.
                         Ok(peek_len) if peek_len < HANDSHAKE_BYTES_LEN => {
-                            Err(io::ErrorKind::WouldBlock.into())
+                            // if we detect the same peek len again but still got a readable
+                            // stream, the connection was probably closed, so abort here
+                            if peek_len == old_peek_len {
+                                Err(io::ErrorKind::UnexpectedEof.into())
+                            } else {
+                                old_peek_len = peek_len;
+                                Err(io::ErrorKind::WouldBlock.into())
+                            }
                         }
                         // Either we got Ok(HANDSHAKE_BYTES_LEN) or some error.
                         res => res.map(|_| contains_tls_handshake_fragment(&buf)),
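Review bot: In the `peek_len == old_peek_len` branch, an unchanged peek length is the only evidence that the peer closed, and the added comment itself says "probably". If the callback can ever be re-run for a readable event without new bytes having arrived on a connection that is still open, a slow client that has so far sent fewer than HANDSHAKE_BYTES_LEN bytes would be dropped with UnexpectedEof. It would help to document in the comment why a repeated length cannot occur for a live connection, or to state that this trade-off is accepted. Minor: the context comment just above refers to `HANDSHAKE_BYTE_LEN`, while the constant is named `HANDSHAKE_BYTES_LEN`.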
-- 
2.39.5


